PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59216 open-webui CVE debrief

CVE-2026-59216 is a high-severity vulnerability in Open WebUI, a self-hosted AI platform. The issue allows authenticated users to execute code in another user's session, potentially leading to unauthorized access and data breaches. The vulnerability was patched in version 0.10.0. Users of Open WebUI should prioritize upgrading to version 0.10.0 or later to mitigate this vulnerability. The vulnerability exists due to insufficient validation of user-supplied session IDs in the get_event_call function.

Vendor
open-webui
Product
Unknown
CVSS
HIGH 7.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-13
Advisory published
2026-07-09
Advisory updated
2026-07-13

Who should care

Users of Open WebUI, especially those with sensitive data or high-security requirements, should prioritize upgrading to version 0.10.0 or later to mitigate this vulnerability. System administrators and security teams responsible for managing Open WebUI deployments should review their current usage and ensure that sensitive data is not being processed through the platform.

Technical summary

The vulnerability exists in the get_event_call function, which delivers execute:python and execute:tool Socket.IO events to a client-supplied session_id. An attacker can exploit this by learning another user's socket ID through ydoc:document:join and then executing code in that user's session. The issue has a CVSS score of 7.7 and is classified as HIGH severity. The vulnerability was patched in version 0.10.0, which includes fixes for the session ID validation issue.

Defensive priority

High priority should be given to upgrading Open WebUI to version 0.10.0 or later. Users should also review their current usage and ensure that sensitive data is not being processed through the platform.

Recommended defensive actions

  • Upgrade Open WebUI to version 0.10.0 or later
  • Review and restrict access to sensitive data
  • Monitor for suspicious activity
  • Implement additional security measures, such as authentication and authorization checks
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-09T17:17:02.467Z and last modified on 2026-07-13T12:24:30.137Z. The NVD entry is currently Analyzed. The vulnerability affects Open WebUI, a self-hosted AI platform, and is fixed in version 0.10.0. Users should verify their deployments and apply the patch. The CVE details are sourced from official records and vendor advisories.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:02.467Z and has not been modified since then. The NVD entry is currently Analyzed.