PatchSiren cyber security CVE debrief
CVE-2026-59219 open-webui CVE debrief
Open WebUI, a self-hosted AI platform, had an authentication bypass issue. From version 0.9.0 to before 0.10.0, with Redis configured, the Socket.IO connection and certain websocket messages did not properly check for revoked JWTs, allowing continued authentication with revoked tokens. This issue was fixed in version 0.10.0. The affected product deployments should be reviewed, and owners should be assigned for follow-up.
- Vendor
- open-webui
- Product
- Unknown
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Open WebUI, especially those with Redis configured, should update to version 0.10.0 or later to address this authentication bypass vulnerability. Affected operator, platform, vulnerability-management, and security-team impact should be assessed.
Technical summary
In Open WebUI versions 0.9.0 to before 0.10.0, with Redis configured, the Socket.IO connection and certain websocket messages (user-join, join-channels, join-note, and terminal websocket first-message) used decode_token without the Redis-backed is_valid_token revocation check. This allowed revoked JWTs to continue authenticating realtime connections, effectively bypassing authentication. The issue was addressed in version 0.10.0. Affected product context and defensive impact should be assessed.
Defensive priority
High
Recommended defensive actions
- Update Open WebUI to version 0.10.0 or later
- Review and revoke any existing JWTs
- Monitor for suspicious authentication attempts
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record was published on 2026-07-09T17:17:02.877Z and was last modified on 2026-07-10T18:17:21.790Z. The NVD entry is currently Analyzed. This information is based on the provided source corpus. Further verification is recommended to ensure accuracy.
Official resources
-
CVE-2026-59219 CVE record
CVE.org
-
CVE-2026-59219 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Mitigation, Vendor Advisory, Exploit
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:02.877Z and has not been modified since then. The NVD entry is currently Analyzed.