PatchSiren cyber security CVE debrief
CVE-2026-59220 open-webui CVE debrief
CVE-2026-59220 is a MEDIUM severity vulnerability in Open WebUI, a self-hosted AI platform. From version 0.9.2 to before 0.10.0, the platform is susceptible to quadratic backtracking due to overlapping quantifiers in the SKILL_MENTION_RE and strip_re regular expressions. This issue allows an authenticated user to block the asyncio event loop by sending a chat message containing a malformed skill mention, potentially leading to a denial of service. The issue was addressed in version 0.10.0. Affected product or component is Open WebUI, and the vulnerability class is related to regular expression parsing.
- Vendor
- open-webui
- Product
- Unknown
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Open WebUI version 0.9.2 up to but not including 0.10.0 should apply the patch to prevent potential service disruption via a crafted chat message. Affected operators and platform administrators should review the vulnerability and apply the patch as soon as possible. Vulnerability management and security teams should also be aware of the potential impact and prioritize patching.
Technical summary
The Open WebUI platform, used for self-hosted AI services, has a vulnerability in its handling of skill mentions within chat messages. Specifically, the SKILL_MENTION_RE and strip_re regular expressions used in the middleware.py file are vulnerable to quadratic backtracking when encountering a malformed skill mention. This can occur when an authenticated user sends a chat message containing <$ without a closing >, which can cause the asyncio event loop to block, potentially leading to a denial of service. The issue was addressed in version 0.10.0.
Defensive priority
Apply the patch from version 0.10.0 to prevent potential service disruption.
Recommended defensive actions
- Apply the patch from version 0.10.0
- Restrict chat message input to prevent malformed skill mentions
- Monitor for suspicious chat activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-09T17:17:03.040Z and was last modified on 2026-07-10T18:15:48.287Z. The NVD entry is currently Analyzed. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The Open WebUI platform has a vulnerability in its handling of skill mentions within chat messages, which can cause the asyncio event loop to block, potentially leading to a denial of service.
Official resources
-
CVE-2026-59220 CVE record
CVE.org
-
CVE-2026-59220 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Exploit, Mitigation, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:03.040Z and has not been modified since then.