Volerion logoVolerion
Volerion logoVolerion

Open WebUI Inconsistent Authorization Vulnerability in Memories API Allowing Unauthorized Memory Access and Modification

Vulnerability

A vulnerability exists in Open WebUI versions prior to 0.6.19, where inconsistent authorization controls in the memories API allow standard users to delete, restore, and access the contents of other users' memories. A non-admin user can exploit this by querying memories through the POST /api/v1/memories/query endpoint, even without having any memories of their own. Additionally, while non-admin users cannot directly modify another user's memory via the POST /api/v1/memories/{memory_id}/update endpoint, the response from this endpoint improperly discloses the content of the memory if the memory_id is known. Furthermore, the DELETE /api/v1/memories/{memory_id} endpoint can be used by any user to delete a memory, which can then be restored by using the POST /api/v1/memories/{memory_id}/update endpoint.

Impact

Exploitation of this vulnerability could lead to unauthorized access and modification of memory data, allowing users to view, delete, and restore memories that do not belong to them.

Reproduction

To reproduce this vulnerability, create a new non-admin user with no existing memories. First, verify that the user cannot access any memories by calling the GET /api/v1/memories/ endpoint, which should return an empty array. Then, use the POST /api/v1/memories/query endpoint to query memories, which will return memories created by other users, demonstrating unauthorized access. Next, attempt to modify a memory belonging to another user using the POST /api/v1/memories/{memory_id}/update endpoint. The response will leak the content of the memory, showing that the memory data can be accessed without permission. Finally, delete a memory using the DELETE /api/v1/memories/{memory_id} endpoint. After deletion, the memory can be restored by calling the POST /api/v1/memories/{memory_id}/update endpoint again, illustrating the ability to manipulate memory data across different users.

Remediation

Users are advised to update Open WebUI to version 0.6.19 or later, where this vulnerability has been fixed.

Added: May 15, 2026, 10:37 PM
Updated: May 15, 2026, 10:37 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
1.3
exploitability
4.6
remediation
7.7
relevance
8.4
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.