{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T10:28:17.019","vulnerabilities":[{"cve":{"id":"CVE-2026-29071","sourceIdentifier":"security-advisories@github.com","published":"2026-03-27T00:16:22.983","lastModified":"2026-04-01T16:09:53.443","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue."},{"lang":"es","value":"Open WebUI es una plataforma de inteligencia artificial autoalojada diseñada para operar completamente sin conexión. Antes de la versión 0.8.6, cualquier usuario autenticado puede leer las memorias privadas de otros usuarios a través de '/API/v1/retrieval/query/collection'. La versión 0.8.6 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.6","matchCriteriaId":"98042D01-E16B-45CE-9BBC-E5A6E2AA2370"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}