PatchSiren cyber security CVE debrief
CVE-2026-59222 open-webui CVE debrief
CVE-2026-59222 is a sensitive information disclosure vulnerability in Open WebUI, a self-hosted AI platform. Versions from 0.7.0 to before 0.10.0 are affected. An authenticated user could exploit this vulnerability to obtain sensitive information about other users. The vulnerability exists in the GET /api/v1/channels//members endpoint, which returns full UserModelResponse objects for channel members, including sensitive settings such as settings.ui.toolServers[].key and webhook configurations. The issue was addressed in version 0.10.0. Users of Open WebUI should apply the patch to prevent unauthorized access to sensitive user information. This vulnerability has a CVSS score of 6 and a severity of MEDIUM.
- Vendor
- open-webui
- Product
- Unknown
- CVSS
- MEDIUM 6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Open WebUI versions between 0.7.0 and 0.10.0 should apply the patch to prevent unauthorized access to sensitive user information. This includes operators, platform administrators, vulnerability management teams, and security teams who need to ensure the security and integrity of their Open WebUI deployments. Additionally, users with exposure to the affected endpoint should review compensating controls and monitor for suspicious activity related to user information disclosure.
Technical summary
The Open WebUI platform, prior to version 0.10.0, contains a vulnerability that allows an authenticated user to retrieve sensitive information about other users through the GET /api/v1/channels//members endpoint. This endpoint returned full UserModelResponse objects for channel members, including sensitive settings such as settings.ui.toolServers[].key and webhook configurations. The issue was addressed in version 0.10.0. The vulnerability has a CVSS score of 6 and a severity of MEDIUM.
Defensive priority
Medium
Recommended defensive actions
- Apply the patch by upgrading to Open WebUI version 0.10.0 or later.
- Restrict access to the GET /api/v1/channels//members endpoint to authorized users only.
- Monitor for suspicious activity related to user information disclosure.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-07-09T17:17:03.353Z and was last modified on 2026-07-10T17:43:06.180Z. The NVD entry is currently Analyzed. Evidence from the CVE record and NVD entry indicates that Open WebUI versions from 0.7.0 to before 0.10.0 are affected by a sensitive information disclosure vulnerability. The vulnerability allows an authenticated user to retrieve sensitive information about other users through the GET /api/v1/channels//members endpoint. The endpoint returned full UserModelResponse objects for channel members, including sensitive settings such as settings.ui.toolServers[].key and webhook configurations. The issue was addressed in version 0.10.0. To verify, defenders should review the official advisory and CVE record for affected scope, severity, and vendor guidance.
Official resources
-
CVE-2026-59222 CVE record
CVE.org
-
CVE-2026-59222 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Exploit, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:03.353Z and has not been modified since then.