PatchSiren cyber security CVE debrief
CVE-2026-59223 open-webui CVE debrief
Open WebUI, a self-hosted AI platform, is vulnerable to a blocklist bypass issue due to improper comparison of configured host entries against URL strings and non-label-boundary suffixes. This allows for path-based blocklist bypasses and sibling-domain matches that do not reflect the intended hostname policy. The issue is fixed in version 0.10.0. Users of Open WebUI, especially those hosting it, should be aware of this vulnerability and update to version 0.10.0 to mitigate the risk. The vulnerability has a CVSS score of 4.3 and is considered Medium priority.
- Vendor
- open-webui
- Product
- Unknown
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Open WebUI, especially those hosting it, should be aware of this vulnerability and update to version 0.10.0 to mitigate the risk. This includes operators, platform administrators, vulnerability management teams, and security teams who need to review and adjust WEB_FETCH_FILTER_LIST configurations to ensure proper filtering and monitor for any suspicious activity related to Open WebUI.
Technical summary
Open WebUI, prior to version 0.10.0, has a vulnerability in WEB_FETCH_FILTER_LIST where it improperly compares configured host entries against URL strings and non-label-boundary suffixes. This allows for blocklist bypasses through path-based attacks, such as using !internal.example.com in a URL path, and allows for sibling-domain matches that do not reflect the intended hostname policy. The issue is fixed in version 0.10.0.
Defensive priority
Medium priority due to the CVSS score of 4.3 and the availability of a patch.
Recommended defensive actions
- Update Open WebUI to version 0.10.0 or later
- Review and adjust WEB_FETCH_FILTER_LIST configurations to ensure proper filtering
- Monitor for any suspicious activity related to Open WebUI
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-09T17:17:03.603Z and was last modified on 2026-07-10T17:39:40.083Z. The NVD entry is currently Analyzed. The vulnerability affects Open WebUI, specifically versions prior to 0.10.0. The issue is related to WEB_FETCH_FILTER_LIST and allows for blocklist bypasses through path-based attacks. The CVE record was sourced from nvd_modified.
Official resources
-
CVE-2026-59223 CVE record
CVE.org
-
CVE-2026-59223 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:03.603Z and has not been modified since then. The NVD entry is currently Analyzed.