CVE-2026-29070: Open WebUI has unauthorized deletion of knowledge files

March 27, 2026

An access control check is missing when deleting a file from a knowledge base. The only check performed is that the user has write access to the knowledge base (or is an admin), not that the file actually belongs to that knowledge base. It is thus possible to delete arbitrary files from arbitrary knowledge bases, as long as one knows the file ID.
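The missing check described above, modelled as an added example: this is not Open WebUI's code, and every class, function and identifier in it is hypothetical. It puts the flawed pattern (write access to the knowledge base only) beside the corrected one (the file must also be attached to that knowledge base).

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Added illustration: every name here is hypothetical, not Open WebUI's code.

class Forbidden(Exception):
    """Caller has no write access to the addressed knowledge base."""

class NotFound(Exception):
    """File is not attached to the addressed knowledge base."""

@dataclass
class KnowledgeBase:
    writers: set[str]
    file_ids: set[str] = field(default_factory=set)

@dataclass
class Store:
    bases: dict[str, KnowledgeBase]
    files: dict[str, bytes]  # global file table keyed by file id

def require_write(store: Store, user: str, kb_id: str, is_admin: bool = False) -> KnowledgeBase:
    kb = store.bases[kb_id]
    if not is_admin and user not in kb.writers:
        raise Forbidden(kb_id)
    return kb

def remove_file_unchecked(store, user, kb_id, file_id, is_admin=False):
    """Flawed pattern: write access to kb_id is the only check."""
    kb = require_write(store, user, kb_id, is_admin)
    kb.file_ids.discard(file_id)
    store.files.pop(file_id, None)  # removes the file whichever base owns it

def remove_file_checked(store, user, kb_id, file_id, is_admin=False):
    """Corrected pattern: file_id must be attached to kb_id, admins included."""
    kb = require_write(store, user, kb_id, is_admin)
    if file_id not in kb.file_ids:
        raise NotFound(file_id)  # same error whether or not the id exists elsewhere
    kb.file_ids.remove(file_id)
    store.files.pop(file_id, None)

def sample_store() -> Store:
    """Constructed data: alice may write kb-a only, bob may write kb-b only."""
    return Store(
        bases={"kb-a": KnowledgeBase({"alice"}, {"file-a1"}),
               "kb-b": KnowledgeBase({"bob"}, {"file-b1"})},
        files={"file-a1": b"alice notes", "file-b1": b"bob notes"},
    )
```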

References

  • github.com/advisories/GHSA-26gm-93rw-cchf
  • github.com/open-webui/open-webui
  • github.com/open-webui/open-webui/blob/main/backend/open_webui/routers/knowledge.py
  • github.com/open-webui/open-webui/security/advisories/GHSA-26gm-93rw-cchf
  • nvd.nist.gov/vuln/detail/CVE-2026-29070

Affected versions

All versions before 0.8.6

Fixed versions

  • 0.8.6

Solution

Upgrade to version 0.8.6 or above.

Impact 5.4 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Weakness

  • CWE-862: Missing Authorization

Source file

pypi/open-webui/CVE-2026-29070.yml

Page generated Fri, 10 Apr 2026 12:18:30 +0000.