PatchSiren cyber security CVE debrief
CVE-2026-59213 open-webui CVE debrief
CVE-2026-59213 is a low-severity vulnerability in Open WebUI, a self-hosted AI platform. A cache issue in versions 0.6.27 to 0.9.9 allows permission-filtered per-user model lists to share a static cache entry, potentially exposing one user's model list to another caller during the TTL window. The issue is fixed in version 0.10.0. This vulnerability has a CVSS score of 3.5 and is considered low severity. Users of Open WebUI, especially those with multiple users, should be aware of this vulnerability and take steps to ensure they are running a patched version.
- Vendor
- open-webui
- Product
- Unknown
- CVSS
- LOW 3.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Open WebUI, especially those with multiple users, should be aware of this vulnerability and take steps to ensure they are running a patched version. This vulnerability allows permission-filtered per-user model lists to share a static cache entry, potentially exposing one user's model list to another caller during the TTL window. Users should review their current version and upgrade to version 0.10.0 or later to mitigate the issue.
Technical summary
The get_all_models handlers in routers/openai.py and routers/ollama.py of Open WebUI passed a lambda to aiocache key instead of key_builder. This caused permission-filtered per-user model lists to share a static cache entry, potentially exposing one user's model list to another caller during the TTL window. The vulnerability has a CVSS score of 3.5 and is considered low severity. The issue affects users of Open WebUI, particularly those with multiple users. Users should verify their current version and ensure they are running a patched version.
Defensive priority
Low priority, but users should ensure they are running version 0.10.0 or later to mitigate the issue. This vulnerability allows permission-filtered per-user model lists to share a static cache entry, potentially exposing one user's model list to another caller during the TTL window.
Recommended defensive actions
- Upgrade to Open WebUI version 0.10.0 or later
- Review user model lists for potential exposure
- Monitor for suspicious activity
- Verify current version and ensure a patched version is running
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-09T17:17:02.030Z and was last modified on 2026-07-10T19:49:23.313Z. The NVD entry is currently Analyzed. This issue affects users of Open WebUI, particularly those with multiple users. The vulnerability allows permission-filtered per-user model lists to share a static cache entry, potentially exposing one user's model list to another caller during the TTL window. Users should verify their current version and ensure they are running a patched version. The CVE record and NVD entry provide additional context for defenders.
Official resources
-
CVE-2026-59213 CVE record
CVE.org
-
CVE-2026-59213 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Exploit, Mitigation, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:02.030Z and has not been modified since then.