CVE-2026-54014
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
In Open WebUI prior to version 0.9.6, a path traversal vulnerability exists in the cache file serving endpoint that allows authenticated users to read files from sibling directories outside the intended cache directory.
Risk Assessment
This vulnerability may lead to unauthorized access to sensitive data stored in sibling directories, posing a significant security risk to the organization.
Recommendation
It is recommended to update Open WebUI to version 0.9.6 or later to mitigate this vulnerability.
Original NVD description (English source)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache directory, by exploiting an incomplete startswith containment check that lacks a trailing path separator. The root cause is that serve_cache_file() in open_webui/main.py validates the resolved path with file_path.startswith(os.path.abspath(CACHE_DIR)) — without appending os.sep. This allows any path resolving to a sibling directory whose name begins with cache (e.g. cache_sibling, cache_backup, cached_models) to pass validation. This vulnerability is fixed in 0.9.6.

