PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54017 open-webui CVE debrief

CVE-2026-54017 is a high-severity vulnerability in Open WebUI, a self-hosted artificial intelligence platform. Prior to version 0.9.6, the terminal-server reverse proxy in `backend/open_webui/routers/terminals.py` does not fully confine the user-controlled `path` segment before forwarding it to an admin-configured terminal server. This allows an authenticated user with granted access to a terminal server to craft `path` values containing encoded `../` traversal sequences that escape the intended path or policy scope on that server, reaching unintended endpoints and files on the terminal-server host. Where the terminal server fans requests out to internal services, this also gives SSRF-style reach into those services. The vulnerability is fixed in version 0.9.6.

Vendor
open-webui
Product
Unknown
CVSS
HIGH 7.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-18
Original CVE updated
2026-06-24
Advisory published
2026-06-18
Advisory updated
2026-06-24

Who should care

Administrators and users of Open WebUI, especially those who have granted access to terminal servers, should be aware of this vulnerability and take immediate action to upgrade to version 0.9.6 or later. This vulnerability allows authenticated users to access unintended endpoints and files, potentially leading to sensitive information disclosure or further exploitation.

Technical summary

The vulnerability exists in the terminal-server reverse proxy in `backend/open_webui/routers/terminals.py`. An authenticated user can craft `path` values containing encoded `../` traversal sequences to escape the intended path or policy scope on the terminal server, allowing access to unintended endpoints and files. This also enables SSRF-style reach into internal services if the terminal server fans requests out to them. Two distinct vectors are involved: raw path forwarding / single-encoded traversal and a bypass of the `_sanitize_proxy_path` mitigation using double-encoded dots (`%252e%252e`).

Defensive priority

High

Recommended defensive actions

  • Upgrade Open WebUI to version 0.9.6 or later
  • Review and restrict access to terminal servers
  • Monitor for suspicious activity and implement additional logging
  • Consider implementing compensating controls, such as Web Application Firewalls (WAFs)
  • Inventory and verify the integrity of affected systems

Evidence notes

The CVE record was published on 2026-06-18T22:16:32.080Z and was last modified on 2026-06-24T19:04:33.017Z. The NVD entry is currently Analyzed. The vulnerability has a CVSS score of 7.7 and is classified as HIGH severity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T22:16:32.080Z and has not been modified since then. The NVD entry is currently Analyzed.