PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59213 open-webui CVE debrief

CVE-2026-59213 is a low-severity vulnerability in Open WebUI, a self-hosted AI platform. A cache issue in versions 0.6.27 to 0.9.9 allows permission-filtered per-user model lists to share a static cache entry, potentially exposing one user's model list to another caller during the TTL window. The issue is fixed in version 0.10.0. This vulnerability has a CVSS score of 3.5 and is considered low severity. Users of Open WebUI, especially those with multiple users, should be aware of this vulnerability and take steps to ensure they are running a patched version.

Vendor
open-webui
Product
Unknown
CVSS
LOW 3.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Open WebUI, especially those with multiple users, should be aware of this vulnerability and take steps to ensure they are running a patched version. This vulnerability allows permission-filtered per-user model lists to share a static cache entry, potentially exposing one user's model list to another caller during the TTL window. Users should review their current version and upgrade to version 0.10.0 or later to mitigate the issue.

Technical summary

The get_all_models handlers in routers/openai.py and routers/ollama.py of Open WebUI passed a lambda to aiocache key instead of key_builder. This caused permission-filtered per-user model lists to share a static cache entry, potentially exposing one user's model list to another caller during the TTL window. The vulnerability has a CVSS score of 3.5 and is considered low severity. The issue affects users of Open WebUI, particularly those with multiple users. Users should verify their current version and ensure they are running a patched version.

Defensive priority

Low priority, but users should ensure they are running version 0.10.0 or later to mitigate the issue. This vulnerability allows permission-filtered per-user model lists to share a static cache entry, potentially exposing one user's model list to another caller during the TTL window.

Recommended defensive actions

  • Upgrade to Open WebUI version 0.10.0 or later
  • Review user model lists for potential exposure
  • Monitor for suspicious activity
  • Verify current version and ensure a patched version is running
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-09T17:17:02.030Z and was last modified on 2026-07-10T19:49:23.313Z. The NVD entry is currently Analyzed. This issue affects users of Open WebUI, particularly those with multiple users. The vulnerability allows permission-filtered per-user model lists to share a static cache entry, potentially exposing one user's model list to another caller during the TTL window. Users should verify their current version and ensure they are running a patched version. The CVE record and NVD entry provide additional context for defenders.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:02.030Z and has not been modified since then.