CVE-2026-59217 | open-webui Open WebUI up to 0.9.x File Upload add knowledge_id unrestricted upload

SecurityVulns

A vulnerability was found in open-webui Open WebUI up to 0.9.x and classified as critical. This vulnerability affects the function Add of the file /api/v1/knowledge/file/add of the component File Upload. Executing a manipulation of the argument knowledge_id can lead to unrestricted upload.

This vulnerability appears as CVE-2026-59217. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More