5.4

CVSS3.1

CVE-2026-29070 - Open WebUI has unauthorized deletion of knowledge files

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base (or is admin), …

📅 Published: March 26, 2026, 11:39 p.m. 🔄 Last Modified: April 2, 2026, 7:56 a.m.

7.1

CVSS3.1

CVE-2026-28788 - Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overw…

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `POST /api/v1/retrieval/process/files/batch` endpoint. The endpoint performs no ownership check, so a …

📅 Published: March 26, 2026, 11:38 p.m. 🔄 Last Modified: April 2, 2026, 7:56 a.m.

4.3

CVSS3.1

CVE-2026-28786 - Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message — including th…

📅 Published: March 26, 2026, 11:37 p.m. 🔄 Last Modified: March 30, 2026, 8:57 p.m.

7.5

CVSS3.1

CVE-2026-33697 - CoCoS attested TLS is vulnerable to relay attacks via extracted ephemeral TLS keys

Cocos AI is a confidential computing system for AI. The current implementation of attested TLS (aTLS) in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP and Intel TDX deployment targets supported by CoCoS…

📅 Published: March 26, 2026, 11:34 p.m. 🔄 Last Modified: April 13, 2026, 2:28 p.m.

10

CVSS3.1

CVE-2026-33945 - Arbitrary file write through systemd-creds option

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like `systemd.credenti…

📅 Published: March 26, 2026, 11:27 p.m. 🔄 Last Modified: April 2, 2026, 7:56 a.m.

8.8

CVSS3.1

CVE-2026-33898 - Local Incus UI web server vulnerable to authentication bypass

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui` runs a local web server on a random localhost port. For authentication,…

📅 Published: March 26, 2026, 11:25 p.m. 🔄 Last Modified: April 2, 2026, 7:56 a.m.

8.7

CVSS4.0

CVE-2026-4905 - Tenda AC5 POST Request WifiWpsOOB formWifiWpsOOB stack-based overflow

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. Th…

📅 Published: March 26, 2026, 11:11 p.m. 🔄 Last Modified: April 2, 2026, 7:56 a.m.

8.7

CVSS4.0

CVE-2026-4904 - Tenda AC5 POST Request setcfm formSetCfm stack-based overflow

A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit ha…

📅 Published: March 26, 2026, 11:11 p.m. 🔄 Last Modified: April 2, 2026, 7:56 a.m.

10

CVSS3.1

CVE-2026-33897 - Incus vulnerable to arbitrary file read and write through pongo templates

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to temp…

📅 Published: March 26, 2026, 10:43 p.m. 🔄 Last Modified: March 30, 2026, 8:57 p.m.

6.5

CVSS3.1

CVE-2026-33743 - Incus vulnerable to denial of source through crafted bucket backup file

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by a user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a den…

📅 Published: March 26, 2026, 10:40 p.m. 🔄 Last Modified: March 31, 2026, 8:01 p.m.