PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59222 open-webui CVE debrief

CVE-2026-59222 is a sensitive information disclosure vulnerability in Open WebUI, a self-hosted AI platform. Versions from 0.7.0 to before 0.10.0 are affected. An authenticated user could exploit this vulnerability to obtain sensitive information about other users. The vulnerability exists in the GET /api/v1/channels//members endpoint, which returns full UserModelResponse objects for channel members, including sensitive settings such as settings.ui.toolServers[].key and webhook configurations. The issue was addressed in version 0.10.0. Users of Open WebUI should apply the patch to prevent unauthorized access to sensitive user information. This vulnerability has a CVSS score of 6 and a severity of MEDIUM.

Vendor
open-webui
Product
Unknown
CVSS
MEDIUM 6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Open WebUI versions between 0.7.0 and 0.10.0 should apply the patch to prevent unauthorized access to sensitive user information. This includes operators, platform administrators, vulnerability management teams, and security teams who need to ensure the security and integrity of their Open WebUI deployments. Additionally, users with exposure to the affected endpoint should review compensating controls and monitor for suspicious activity related to user information disclosure.

Technical summary

The Open WebUI platform, prior to version 0.10.0, contains a vulnerability that allows an authenticated user to retrieve sensitive information about other users through the GET /api/v1/channels//members endpoint. This endpoint returned full UserModelResponse objects for channel members, including sensitive settings such as settings.ui.toolServers[].key and webhook configurations. The issue was addressed in version 0.10.0. The vulnerability has a CVSS score of 6 and a severity of MEDIUM.

Defensive priority

Medium

Recommended defensive actions

  • Apply the patch by upgrading to Open WebUI version 0.10.0 or later.
  • Restrict access to the GET /api/v1/channels//members endpoint to authorized users only.
  • Monitor for suspicious activity related to user information disclosure.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-07-09T17:17:03.353Z and was last modified on 2026-07-10T17:43:06.180Z. The NVD entry is currently Analyzed. Evidence from the CVE record and NVD entry indicates that Open WebUI versions from 0.7.0 to before 0.10.0 are affected by a sensitive information disclosure vulnerability. The vulnerability allows an authenticated user to retrieve sensitive information about other users through the GET /api/v1/channels//members endpoint. The endpoint returned full UserModelResponse objects for channel members, including sensitive settings such as settings.ui.toolServers[].key and webhook configurations. The issue was addressed in version 0.10.0. To verify, defenders should review the official advisory and CVE record for affected scope, severity, and vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:03.353Z and has not been modified since then.