PatchSiren cyber security CVE debrief
CVE-2026-54017 open-webui CVE debrief
CVE-2026-54017 is a high-severity vulnerability in Open WebUI, a self-hosted artificial intelligence platform. Prior to version 0.9.6, the terminal-server reverse proxy in `backend/open_webui/routers/terminals.py` does not fully confine the user-controlled `path` segment before forwarding it to an admin-configured terminal server. This allows an authenticated user with granted access to a terminal server to craft `path` values containing encoded `../` traversal sequences that escape the intended path or policy scope on that server, reaching unintended endpoints and files on the terminal-server host. Where the terminal server fans requests out to internal services, this also gives SSRF-style reach into those services. The vulnerability is fixed in version 0.9.6.
- Vendor
- open-webui
- Product
- Unknown
- CVSS
- HIGH 7.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-18
- Original CVE updated
- 2026-06-24
- Advisory published
- 2026-06-18
- Advisory updated
- 2026-06-24
Who should care
Administrators and users of Open WebUI, especially those who have granted access to terminal servers, should be aware of this vulnerability and take immediate action to upgrade to version 0.9.6 or later. This vulnerability allows authenticated users to access unintended endpoints and files, potentially leading to sensitive information disclosure or further exploitation.
Technical summary
The vulnerability exists in the terminal-server reverse proxy in `backend/open_webui/routers/terminals.py`. An authenticated user can craft `path` values containing encoded `../` traversal sequences to escape the intended path or policy scope on the terminal server, allowing access to unintended endpoints and files. This also enables SSRF-style reach into internal services if the terminal server fans requests out to them. Two distinct vectors are involved: raw path forwarding / single-encoded traversal and a bypass of the `_sanitize_proxy_path` mitigation using double-encoded dots (`%252e%252e`).
Defensive priority
High
Recommended defensive actions
- Upgrade Open WebUI to version 0.9.6 or later
- Review and restrict access to terminal servers
- Monitor for suspicious activity and implement additional logging
- Consider implementing compensating controls, such as Web Application Firewalls (WAFs)
- Inventory and verify the integrity of affected systems
Evidence notes
The CVE record was published on 2026-06-18T22:16:32.080Z and was last modified on 2026-06-24T19:04:33.017Z. The NVD entry is currently Analyzed. The vulnerability has a CVSS score of 7.7 and is classified as HIGH severity.
Official resources
-
CVE-2026-54017 CVE record
CVE.org
-
CVE-2026-54017 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Mitigation, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T22:16:32.080Z and has not been modified since then. The NVD entry is currently Analyzed.