Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATA_DIR path — is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue.
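The two halves of the fix, sanitizing the upload name before it reaches a filesystem path and returning a fixed error string while keeping the real exception server-side, shown as an added Python example that is not the project's code; DATA_DIR, CACHE_DIR, the allowlist regex and the failing backend stub are constructed assumptions for the example.

```python
import logging
import os
import re
import uuid

log = logging.getLogger(__name__)

# Constructed stand-in for the server's data directory (an assumption for this example).
DATA_DIR = "/srv/open-webui/data"
CACHE_DIR = os.path.join(DATA_DIR, "cache", "audio", "transcriptions")
# Allowlist for the extension: short and alphanumeric, or nothing at all.
_EXT_RE = re.compile(r"[A-Za-z0-9]{1,8}")


def safe_extension(filename):
    """Extension taken from an upload name in a way that cannot carry path components.
    Same shape as the patch (basename, then rsplit on the last dot) plus an allowlist,
    so a backslash, which os.path.basename leaves alone on POSIX hosts, cannot survive."""
    if not filename:
        return ""
    name = os.path.basename(filename)
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    return ext if _EXT_RE.fullmatch(ext) else ""


def cache_path(filename):
    """Target path for the upload: a random id plus the sanitized extension, inside CACHE_DIR."""
    ext = safe_extension(filename)
    file_id = uuid.uuid4()
    target = os.path.join(CACHE_DIR, f"{file_id}.{ext}" if ext else str(file_id))
    # Defence in depth: refuse anything that resolves outside the cache directory.
    root = os.path.realpath(CACHE_DIR)
    if os.path.commonpath([root, os.path.realpath(target)]) != root:
        raise ValueError("resolved path escapes the cache directory")
    return target


def missing_file_backend(path):
    """Constructed STT backend that fails the way the advisory describes: the message carries the path."""
    raise FileNotFoundError(f"[Errno 2] No such file or directory: '{path}'")


def transcription_response(filename, transcribe):
    """(status, body) for the endpoint; `transcribe` stands in for the real speech-to-text call."""
    try:
        return 200, {"text": transcribe(cache_path(filename))}
    except Exception:
        # Full detail, absolute path included, stays in the server log; the client gets a fixed message.
        log.exception("transcription failed for upload %r", filename)
        return 400, {"detail": "Transcription failed."}
```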
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| open-webui (PyPI) | < 0.8.6 | 0.8.6 |
Affected products
Range: < 0.8.6
Patches
1387225eb8b39 fix: suppress internal path leakage in audio transcription errors (GHSA-vvxm-vxmr-624h) (#22108)
1 file changed · +4 −4
backend/open_webui/routers/audio.py+4 −4 modified@@ -1194,8 +1194,8 @@ def transcription( ) try: - ext = file.filename.split(".")[-1] if file.filename else "" - ext = ext.replace("/", "").replace("\\", "").replace("..", "") + safe_name = os.path.basename(file.filename) if file.filename else "" + ext = safe_name.rsplit(".", 1)[-1] if "." in safe_name else "" id = uuid.uuid4() @@ -1231,15 +1231,15 @@ def transcription( raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, - detail=ERROR_MESSAGES.DEFAULT(e), + detail="Transcription failed.", ) except Exception as e: log.exception(e) raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, - detail=ERROR_MESSAGES.DEFAULT(e), + detail="Transcription failed.", )
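Review bot: in the first hunk, `os.path.basename` on the new `safe_name` line is host-dependent: on a POSIX server it only splits on `/`, so a backslash in the upload name can still survive into `ext` (the `rsplit(".", 1)` only cuts at the last dot), and nothing in this hunk restricts which characters the extension may contain. Suggest validating `ext` against an allowlist such as `re.fullmatch(r"[A-Za-z0-9]{1,8}", ext)` and falling back to `""` otherwise; also confirm that `os` is already imported in audio.py, since the diff does not add the import.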
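Review bot: in the second hunk, the fixed `detail="Transcription failed."` in both `raise HTTPException(...)` calls closes the leak, but the body of the first `except` branch is outside the visible context and only the second branch shows `log.exception(e)`; make sure the first branch logs the original exception as well, so operators keep the path and error text that clients no longer see. Separately, a server-side failure returned as `HTTP_400_BAD_REQUEST` tells the client its request was malformed; consider `HTTP_500_INTERNAL_SERVER_ERROR` for the generic `except Exception` branch.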