Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `POST /api/v1/retrieval/process/files/batch` endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via `GET /api/v1/knowledge/{id}/files` and then overwrite those files, escalating from read to write. The overwritten content is served to the LLM via RAG, meaning the attacker controls what the model tells other users. Version 0.8.6 patches the issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

通过用户控制密钥绕过授权机制

Open WebUI 安全漏洞

Open WebUI是Open WebUI开源的一个可扩展、功能丰富、用户友好的自托管 WebUI。 Open WebUI 0.8.6之前版本存在安全漏洞，该漏洞源于/api/v1/retrieval/process/files/batch端点缺少所有权检查，可能导致任意文件内容被覆盖。

N/A

N/A