CVE-2026-29071

Publication date

2026-03-26 23:54:38

Family

GitHub_M

State

PUBLISHED

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue.