Open WebUI v0.9.5 and earlier: Missing file ownership checks allow unauthorized file access and deletion
What changed
Open WebUI v0.9.5 and earlier allow an authenticated attacker to attach arbitrary file_id values to their own chat messages without ownership checks. By sharing that chat and granting read access, the attacker can read or delete victim files via GET/DELETE /api/v1/files/{id}. Additionally, the shared-chat authorization branch ignores access_type, so a read-only share can be used to delete files.
Who it affects
All Open WebUI instances running version <= 0.9.5. Any authenticated user can exploit this to read or delete files belonging to other users.
What to do today
Upgrade to Open WebUI version 0.9.6 or later immediately. If upgrading is not possible, apply the recommended fix: filter file_ids in user_message.files to only those the caller owns or can read before calling Chats.insert_chat_files(), and ensure the shared-chat branch in has_access_to_file() honors access_type.
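The two checks above, shown as a self-contained added example rather than Open WebUI's own code: an attach step that drops any file_id the caller cannot read before it is linked to a chat, and a has_access_to_file() whose shared-chat branch honors access_type, placed beside a function that mirrors the flawed branch for comparison. The FileRecord/ChatRecord/ChatShare classes, the in-memory tables and the "read"/"write" access_type values are constructed stand-ins and an assumption about how the records relate, not the project's real models.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set


# Hypothetical in-memory records standing in for the file, chat and share
# tables; constructed sample data, not Open WebUI's own ORM classes.
@dataclass
class FileRecord:
    id: str
    user_id: str  # owner


@dataclass
class ChatRecord:
    id: str
    user_id: str  # owner
    file_ids: Set[str] = field(default_factory=set)


@dataclass
class ChatShare:
    chat_id: str
    grantee_id: str
    access_type: str  # assumed values: "read" or "write"


FILES: Dict[str, FileRecord] = {
    "file-victim-1": FileRecord("file-victim-1", "victim"),
    "file-attacker-1": FileRecord("file-attacker-1", "attacker"),
}
CHATS: Dict[str, ChatRecord] = {
    "chat-victim": ChatRecord("chat-victim", "victim", {"file-victim-1"}),
    "chat-attacker": ChatRecord("chat-attacker", "attacker"),
}
SHARES: List[ChatShare] = [
    # The victim shares their own chat read-only with a colleague.
    ChatShare("chat-victim", "colleague", "read"),
]


def user_owns_file(user_id: str, file_id: str) -> bool:
    rec = FILES.get(file_id)
    return rec is not None and rec.user_id == user_id


def shared_chat_grants(user_id: str, file_id: str) -> List[ChatShare]:
    """Shares granted to user_id on chats that contain file_id."""
    return [
        s for s in SHARES
        if s.grantee_id == user_id and file_id in CHATS[s.chat_id].file_ids
    ]


def has_access_to_file_vulnerable(user_id: str, file_id: str, action: str) -> bool:
    """Mirrors the flawed branch: any share grants every action, so a
    read-only share also permits delete. Kept only for comparison."""
    if user_owns_file(user_id, file_id):
        return True
    return bool(shared_chat_grants(user_id, file_id))


def has_access_to_file(user_id: str, file_id: str, action: str) -> bool:
    """Fixed branch: the owner may do anything; a share grants read, and
    delete only when its access_type is "write"."""
    if user_owns_file(user_id, file_id):
        return True
    for share in shared_chat_grants(user_id, file_id):
        if action == "read":
            return True
        if action == "delete" and share.access_type == "write":
            return True
    return False


def attach_files_to_chat(user_id: str, chat_id: str, requested: Iterable[str]) -> List[str]:
    """Hardened attach step: only file_ids the caller owns or can read are
    linked to the chat. The vulnerable flow linked every requested id."""
    chat = CHATS[chat_id]
    if chat.user_id != user_id:
        raise PermissionError("caller does not own this chat")
    allowed = [fid for fid in requested if has_access_to_file(user_id, fid, "read")]
    chat.file_ids.update(allowed)
    return allowed


if __name__ == "__main__":
    print(attach_files_to_chat("attacker", "chat-attacker",
                               ["file-victim-1", "file-attacker-1"]))
    print(has_access_to_file("colleague", "file-victim-1", "read"),
          has_access_to_file("colleague", "file-victim-1", "delete"))
```

Running it shows the attach call returning only the caller's own file, and the read-only grantee able to read but not delete the shared file; the comparison function returns True for the same delete, which is the behaviour the advisory describes. When porting this to a real deployment, apply the filter before Chats.insert_chat_files() so an unowned file_id never reaches the chat record in the first place.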