Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui
Description
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Open WebUI v0.3.8's /api/pipelines/upload endpoint allows arbitrary file write/delete via unsanitized filename, enabling system file overwrite and potential RCE.
Vulnerability
Overview
The /api/pipelines/upload endpoint in Open WebUI v0.3.8 is vulnerable to arbitrary file write and deletion due to insufficient sanitization of the file.filename parameter, the client-controlled filename carried in the multipart upload. The filename is concatenated directly onto the CACHE_DIR path without validation, so path traversal sequences such as ../ in the filename are honoured and the resulting path can leave the cache directory [1][2].
Exploitation
An attacker can craft a filename containing directory traversal sequences (e.g., ../) so that the file is written to, or removed from, a location outside the intended cache directory. The attack requires network access to the Open WebUI instance and the ability to send a POST request to the vulnerable endpoint. The description does not state whether authentication is required; in practice the endpoint may be gated by the application's own access controls or by deployment-level restrictions, which limits who can reach it [2][3].
Impact
Successful exploitation enables an attacker to overwrite files that the Open WebUI process can write, such as configuration files or executables, potentially leading to remote code execution (RCE). The reach of the write is bounded by the privileges of the service account: a container running the application as root exposes far more than an unprivileged user with a narrowly writable filesystem. The ability to delete files can also cause denial of service or disrupt application functionality [2][3].
Mitigation
As of the publication date, no official patch has been released for this vulnerability. Users of Open WebUI v0.3.8 should restrict access to the /api/pipelines/upload endpoint (for example, to administrators and trusted networks), apply strict validation to uploaded filenames (reject path separators, NUL bytes and traversal components, keep only a plain basename, and confirm that the resolved target stays under CACHE_DIR), and upgrade to a newer version once a fix becomes available [1][2].
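The following Python block is an added illustration of the pattern described in the Overview and Exploitation sections and of the filename validation recommended above. It is not Open WebUI's own code: CACHE_DIR, the function names and the sample filenames are assumptions made for the demo. unsafe_target shows the unsanitized join, escapes_cache_dir shows where a traversal filename actually lands, and safe_target is one hardened replacement that accepts only a plain basename resolving to a direct child of the cache root.

```python
# Added illustration of the unsafe-concatenation pattern and one hardening;
# NOT Open WebUI's code. CACHE_DIR, function names and sample inputs are
# assumptions for this demo.
import os
from pathlib import Path

# Assumption: a stand-in for the application's cache root.
CACHE_DIR = Path("/tmp/openwebui-cache-demo")

# Constructed attacker-controlled filenames, as a multipart upload could carry them.
SAMPLE_FILENAMES = [
    "pipeline.py",            # benign
    "../../etc/cron.d/job",   # traversal with forward slashes
    "..\\..\\win.ini",        # backslash variant; basename() misses it on POSIX
    "nested/dir/file.py",     # subdirectory, outside the intended flat layout
    "safe\x00.py",            # embedded NUL byte
]


def unsafe_target(filename: str, cache_dir: Path = CACHE_DIR) -> str:
    """The vulnerable pattern: join the client-supplied filename onto the
    cache directory with no validation. '../' sequences walk out of cache_dir."""
    return os.path.join(str(cache_dir), filename)


def escapes_cache_dir(filename: str, cache_dir: Path = CACHE_DIR) -> bool:
    """True when the unsanitized join normalizes to a path outside cache_dir."""
    root = os.path.normpath(str(cache_dir))
    target = os.path.normpath(unsafe_target(filename, cache_dir))
    return os.path.commonpath([root, target]) != root


def safe_target(filename: str, cache_dir: Path = CACHE_DIR) -> Path:
    """Hardened version: accept only a plain, non-empty basename, then confirm
    the resolved path is a direct child of the resolved cache root."""
    if not filename or filename in (".", ".."):
        raise ValueError("empty or dot-only filename")
    if "/" in filename or "\\" in filename or "\x00" in filename:
        raise ValueError("path separators and NUL bytes are not allowed")
    root = cache_dir.resolve()
    target = (root / filename).resolve()
    # resolve() follows symlinks, so a planted link inside the cache directory
    # is caught here along with anything that slipped past the string checks.
    if target.parent != root:
        raise ValueError("filename resolves outside the cache directory")
    return target


def is_accepted(filename: str, cache_dir: Path = CACHE_DIR) -> bool:
    """Wrap the accept/reject decision so it can be tabulated and tested."""
    try:
        safe_target(filename, cache_dir)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name in SAMPLE_FILENAMES:
        print(f"{name!r:26} unsafe_join_escapes={escapes_cache_dir(name)!s:5} "
              f"hardened_accepts={is_accepted(name)}")
```

Note that a string check alone is not sufficient: the final parent comparison on the resolved path is what guarantees the write stays inside the cache directory even if the cache already contains a symlink, and the string check is what keeps the error message specific and avoids touching the filesystem with a NUL-bearing name.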
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| open-webui (PyPI) | <= 0.3.8 | — |
Affected products
- open-webui/open-webui/open-webui v5 (Range: unspecified)
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.