{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/open-webui--0.6.19/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["open-webui (\u003c 0.6.19)"],"_cs_severities":["high"],"_cs_tags":["authorization","information-disclosure","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Open WebUI"],"content_html":"\u003cp\u003eOpen WebUI versions prior to 0.6.19 contain an authorization vulnerability in the memories API that allows a standard, non-admin user to perform unauthorized actions on other users\u0026rsquo; memories. Specifically, a user can view the contents of other users\u0026rsquo; memories via the \u003ccode\u003ePOST /api/v1/memories/query\u003c/code\u003e endpoint, even without having created any memories themselves. Further, the \u003ccode\u003ePOST /api/v1/memories/{memory_id}/update\u003c/code\u003e endpoint leaks memory contents even if modification is not permitted. Additionally, the \u003ccode\u003eDELETE /api/v1/memories/{memory_id}\u003c/code\u003e endpoint allows any user to delete existing memories, which can then be restored using the update endpoint. 
This vulnerability, identified as CVE-2026-44570, allows unauthorized access and modification of sensitive data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker creates a new, non-admin user account on the Open WebUI instance.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to obtain a valid JWT bearer token.\u003c/li\u003e\n\u003cli\u003eAttacker sends a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003e/api/v1/memories/query\u003c/code\u003e with an empty content payload \u003ccode\u003e{\u0026quot;content\u0026quot;: \u0026quot;\u0026quot;}\u003c/code\u003e to enumerate existing memories.\u003c/li\u003e\n\u003cli\u003eThe server responds with memory IDs, content snippets and metadata of other users\u0026rsquo; memories.\u003c/li\u003e\n\u003cli\u003eAttacker can then send a \u003ccode\u003eDELETE\u003c/code\u003e request to \u003ccode\u003e/api/v1/memories/{memory_id}\u003c/code\u003e to delete the targeted memory from the application.\u003c/li\u003e\n\u003cli\u003eAttacker can send a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003e/api/v1/memories/{memory_id}/update\u003c/code\u003e with an empty content payload \u003ccode\u003e{\u0026quot;content\u0026quot;: \u0026quot;\u0026quot;}\u003c/code\u003e to restore a previously deleted memory.\u003c/li\u003e\n\u003cli\u003eThe attacker has now successfully accessed, deleted, and restored data belonging to other users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-44570 can lead to the disclosure of sensitive data stored within user memories. Non-admin users can gain unauthorized access to other users\u0026rsquo; data, delete memories, and restore them. This can impact the confidentiality and integrity of the data managed by Open WebUI. 
The vulnerability affects Open WebUI instances running versions prior to 0.6.19.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Open WebUI to version 0.6.19 or later to patch CVE-2026-44570.\u003c/li\u003e\n\u003cli\u003eUntil the upgrade is applied, narrow who can reach the vulnerable endpoints: the attack chain starts with an ordinary self-registered account, so disabling open sign-up or requiring admin approval for new accounts limits the attacker population, although it does not fix the flaw for existing users.\u003c/li\u003e\n\u003cli\u003eMonitor access logs that record the authenticated user (application-level logs, or proxy logs enriched with the user identity; a bearer token in a proxy log does not by itself reveal the caller\u0026rsquo;s role) for \u003ccode\u003ePOST\u003c/code\u003e requests to \u003ccode\u003e/api/v1/memories/query\u003c/code\u003e from non-admin users. Standard users also query their own memories legitimately, so treat this as an audit signal and focus on empty-content queries and unusual volumes, which on vulnerable versions return every user\u0026rsquo;s memories.\u003c/li\u003e\n\u003cli\u003eCorrelate \u003ccode\u003eDELETE\u003c/code\u003e requests to \u003ccode\u003e/api/v1/memories/{memory_id}\u003c/code\u003e from non-admin users with a subsequent \u003ccode\u003ePOST\u003c/code\u003e to \u003ccode\u003e/api/v1/memories/{memory_id}/update\u003c/code\u003e for the same \u003ccode\u003ememory_id\u003c/code\u003e; a delete followed by an update of the same id is the restore step of the attack chain and is unlikely to occur in normal use, so it is the higher-fidelity signal.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Unauthorized Memory Query\u0026rdquo; to identify instances of non-admin users querying the memories API.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-11T14:26:12Z","date_published":"2026-05-11T14:26:12Z","id":"https://feed.craftedsignal.io/briefs/2026-05-open-webui-authz/","summary":"Open WebUI versions before 0.6.19 have inconsistent authorization controls within the memories API, allowing standard users to view, delete, and restore other users' memories, potentially leading to sensitive data disclosure and unauthorized access as tracked by CVE-2026-44570.","title":"Open WebUI Inconsistent Authorization Controls in Memories API","url":"https://feed.craftedsignal.io/briefs/2026-05-open-webui-authz/"}],"language":"en","title":"CraftedSignal Threat Feed — Open-Webui (\u003c 0.6.19)","version":"https://jsonfeed.org/version/1.1"}
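The authorization flaw behind the attack chain above, as an added example that is not Open WebUI's code: a minimal in-memory model of a memories API in which `VulnerableMemoriesAPI` resolves a memory by id alone (so any authenticated user can enumerate, read via a no-op update, and delete other users' memories), beside `HardenedMemoriesAPI`, which scopes every lookup to the caller. The restore-via-update behaviour the advisory mentions is not modelled; the class, function and field names are illustrative assumptions, not the project's own.

```python
"""
Added example, not Open WebUI's code: a minimal in-memory model of a memories
API.  VulnerableMemoriesAPI reproduces the authorization pattern the advisory
describes (query/update/delete resolve a memory by id alone, so any
authenticated user can enumerate or delete other users' memories and read
them via update); HardenedMemoriesAPI scopes every lookup to the caller.
The restore-via-update behaviour in the advisory is not modelled.  All names
here are illustrative assumptions, not the project's own.
"""
from dataclasses import dataclass
import uuid


@dataclass
class User:
    id: str


@dataclass
class Memory:
    id: str
    user_id: str
    content: str


class NotFound(Exception):
    """Where an HTTP API would answer 404 (indistinguishable from 'not yours')."""


class ValidationError(Exception):
    """Where an HTTP API would answer 400."""


class VulnerableMemoriesAPI:
    """Authenticates the caller but never checks who owns the memory."""

    def __init__(self):
        self._rows = {}  # memory id -> Memory, for all users

    def add(self, user, content):
        m = Memory(str(uuid.uuid4()), user.id, content)
        self._rows[m.id] = m
        return m

    def query(self, user, content):
        # Substring match over every row; "" is in every string, so an empty
        # query enumerates all users' memories (advisory steps 3-4).
        return [m for m in self._rows.values() if content in m.content]

    def update(self, user, memory_id, content):
        m = self._rows.get(memory_id)
        if m is None:
            raise NotFound(memory_id)
        if content:  # "" changes nothing, yet the row is still returned: a read
            m.content = content
        return m

    def delete(self, user, memory_id):
        if memory_id not in self._rows:
            raise NotFound(memory_id)
        del self._rows[memory_id]


class HardenedMemoriesAPI(VulnerableMemoriesAPI):
    """Same storage; every operation is scoped to the caller's own rows."""

    def _owned(self, user, memory_id):
        m = self._rows.get(memory_id)
        # "Exists but belongs to someone else" is reported exactly like
        # "does not exist", so the response cannot confirm foreign ids.
        if m is None or m.user_id != user.id:
            raise NotFound(memory_id)
        return m

    def query(self, user, content):
        return [m for m in self._rows.values()
                if m.user_id == user.id and content in m.content]

    def update(self, user, memory_id, content):
        if not content.strip():
            raise ValidationError("content must not be empty")
        m = self._owned(user, memory_id)
        m.content = content
        return m

    def delete(self, user, memory_id):
        self._owned(user, memory_id)
        del self._rows[memory_id]


def replay_attack(api_cls):
    """Run the advisory's chain (enumerate, read via update, delete) as a
    second non-admin user against api_cls; return what the attacker got."""
    api = api_cls()
    victim, attacker = User("victim"), User("attacker")
    secret = api.add(victim, "victim's private note")
    enumerated = secret.id in [m.id for m in api.query(attacker, "")]
    try:
        leaked = api.update(attacker, secret.id, "").content
    except (NotFound, ValidationError):
        leaked = None
    try:
        api.delete(attacker, secret.id)
        deleted = True
    except NotFound:
        deleted = False
    return {"enumerated": enumerated, "leaked": leaked, "deleted": deleted}


if __name__ == "__main__":
    print("vulnerable:", replay_attack(VulnerableMemoriesAPI))
    print("hardened:  ", replay_attack(HardenedMemoriesAPI))
```

The fix is the usual one for any resource-by-id endpoint: resolve the row by (owner, id) rather than id alone, answer "not yours" the same way as "does not exist", and do not hand back the stored row from an update that changed nothing.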
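The two log-monitoring recommendations above, as an added example that is not part of the advisory or of Open WebUI: a small detector run over constructed access-log lines. It assumes one JSON object per line carrying the authenticated user's id and role (`user`, `role`) plus `ts`, `method` and `path`; those field names and the sample log are assumptions, to be adjusted to what the application or proxy actually emits.

```python
"""
Added example, not part of the advisory or of Open WebUI: a detector for the
advisory's two log-monitoring recommendations, run over constructed
access-log lines.  It assumes one JSON object per line with the authenticated
user's id and role ("user", "role") plus "ts", "method" and "path"; those
field names are assumptions.  Check 1 flags any non-admin POST to
/api/v1/memories/query; check 2 flags a non-admin DELETE of
/api/v1/memories/{id} followed within a window by a POST to
/api/v1/memories/{id}/update by the same user for the same id.
"""
import json
import re
from datetime import datetime, timedelta

QUERY_PATH = "/api/v1/memories/query"
MEMORY_PATH = re.compile(r"^/api/v1/memories/(?P<id>[^/]+)(?P<update>/update)?$")
DEFAULT_WINDOW = timedelta(minutes=10)

# Constructed sample log, not captured from a real instance.
SAMPLE_LOG = [
    '{"ts":"2026-05-11T14:00:01Z","user":"u-attacker","role":"user","method":"POST","path":"/api/v1/memories/query","status":200}',
    '{"ts":"2026-05-11T14:00:05Z","user":"u-attacker","role":"user","method":"DELETE","path":"/api/v1/memories/7f3a","status":200}',
    '{"ts":"2026-05-11T14:00:09Z","user":"u-attacker","role":"user","method":"POST","path":"/api/v1/memories/7f3a/update","status":200}',
    '{"ts":"2026-05-11T14:01:00Z","user":"u-admin","role":"admin","method":"POST","path":"/api/v1/memories/query","status":200}',
    '{"ts":"2026-05-11T14:02:00Z","user":"u-bob","role":"user","method":"POST","path":"/api/v1/memories/9c1d/update","status":200}',
]


def parse_line(line):
    rec = json.loads(line)
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return rec


def detect(lines, window=DEFAULT_WINDOW):
    """Return a list of (rule, user, memory_id, timestamp) alerts."""
    alerts = []
    pending_deletes = {}  # (user, memory_id) -> time of the DELETE
    for rec in map(parse_line, lines):
        if rec.get("role") == "admin":
            continue  # the advisory concerns non-admin callers only
        method, path = rec["method"], rec["path"]
        if method == "POST" and path == QUERY_PATH:
            alerts.append(("non_admin_memory_query", rec["user"], None, rec["ts"]))
            continue
        m = MEMORY_PATH.match(path)
        if not m or m["id"] == "query":
            continue
        key = (rec["user"], m["id"])
        if method == "DELETE" and not m["update"]:
            pending_deletes[key] = rec["ts"]
        elif method == "POST" and m["update"]:
            deleted_at = pending_deletes.pop(key, None)
            if deleted_at is not None and rec["ts"] - deleted_at <= window:
                alerts.append(("memory_delete_then_restore", rec["user"], m["id"], rec["ts"]))
    return alerts


if __name__ == "__main__":
    for rule, user, memory_id, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {rule} user={user} memory={memory_id}")
```

The first rule fires on ordinary use too, since non-admin users query their own memories, so it belongs in an audit trail rather than a paging alert; the delete-then-update sequence on one memory id is the higher-fidelity signal. Both require the user identity in the log: a reverse proxy sees only the bearer token, so either log at the application layer or map tokens to users before running the detector.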