PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59214 open-webui CVE debrief

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:02.177Z and has not been modified since then. The NVD entry is currently Analyzed. Open WebUI, a self-hosted AI platform, runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads to issue authenticated same-origin requests when a victim clicks Run. This can reach admin-only endpoints and execute server-side code through configured tools. The issue is fixed in version 0.10.0. Users of Open WebUI, especially those with admin privileges, should be aware of this vulnerability and take immediate action.

Vendor
open-webui
Product
Unknown
CVSS
HIGH 7.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Open WebUI, especially those with admin privileges, should be aware of this vulnerability and take immediate action to upgrade to version 0.10.0 or later. This includes reviewing and restricting access to admin-only endpoints, monitoring for suspicious activity, and implementing compensating controls. Operators, platform administrators, vulnerability management teams, and security teams should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

Open WebUI, a self-hosted AI platform, runs client-side Python with Pyodide in a same-origin web worker. Prior to version 0.10.0, this allows stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue authenticated same-origin requests when a victim clicks Run. These requests can reach admin-only endpoints and execute server-side code through configured tools. The issue is fixed in version 0.10.0, which addresses the vulnerability by properly handling authenticated requests.

Defensive priority

High priority due to the potential for authenticated same-origin requests to admin-only endpoints.

Recommended defensive actions

  • Upgrade Open WebUI to version 0.10.0 or later
  • Review and restrict access to admin-only endpoints
  • Monitor for suspicious activity and implement compensating controls
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record and NVD detail provide information on the vulnerability and its fix. The vendor advisory on GitHub provides additional mitigation and vendor reference information. Open WebUI's use of Pyodide in a same-origin web worker allows for authenticated same-origin requests. Users should verify their deployments and review official advisories for affected scope and severity. Defenders should focus on upgrading to version 0.10.0 or later and restrict access to admin-only endpoints.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:02.177Z and has not been modified since then.