CVE-2026-44554: Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection O…

Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite Affected Component Retrieval web/YouTube processing endpoints: backend/open_webui/routers/retrieval.py (lines 1810-1837, process_web) ba…

8.1CVSS Score

HIGHSeverity

NOCISA KEV

VulnerabilityImpact Type

📋 Vulnerability Details

CVE ID	CVE-2026-44554
Vendor	pip
Affected Product	open-webui
Vulnerability Type	Vulnerability
CVSS Score	8.1 (HIGH)
Actively Exploited	❌ No known exploitation
Patch Status	See Vendor Advisory →
Reported By	CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite

Affected Component Retrieval web/YouTube processing endpoints:

• backend/open_webui/routers/retrieval.py (lines 1810-1837, process_web)

• backend/open_webui/routers/retrieval.py (the parallel process_youtube endpoint)

• backend/open_webui/routers/retrieval.py (line 1445, save_docs_to_vector_db call chain)

Affected Versions Current main branch (commit `6fdd19bf1`) and likely all versions with RAG/knowledge base functionality.

Description The `POST /api/v1/retrieval/process/web` endpoint accepts a user-supplied `collection_name` and an `overwrite` query parameter (default: `True`). It performs no authorization check on whether the calling user owns or has write access to the target colle

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-44554 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries

🛡️ Get Detection Pack → 🔌 Access via API →