PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59223 open-webui CVE debrief

Open WebUI, a self-hosted AI platform, is vulnerable to a blocklist bypass issue due to improper comparison of configured host entries against URL strings and non-label-boundary suffixes. This allows for path-based blocklist bypasses and sibling-domain matches that do not reflect the intended hostname policy. The issue is fixed in version 0.10.0. Users of Open WebUI, especially those hosting it, should be aware of this vulnerability and update to version 0.10.0 to mitigate the risk. The vulnerability has a CVSS score of 4.3 and is considered Medium priority.

Vendor
open-webui
Product
Unknown
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Open WebUI, especially those hosting it, should be aware of this vulnerability and update to version 0.10.0 to mitigate the risk. This includes operators, platform administrators, vulnerability management teams, and security teams who need to review and adjust WEB_FETCH_FILTER_LIST configurations to ensure proper filtering and monitor for any suspicious activity related to Open WebUI.

Technical summary

Open WebUI, prior to version 0.10.0, has a vulnerability in WEB_FETCH_FILTER_LIST where it improperly compares configured host entries against URL strings and non-label-boundary suffixes. This allows for blocklist bypasses through path-based attacks, such as using !internal.example.com in a URL path, and allows for sibling-domain matches that do not reflect the intended hostname policy. The issue is fixed in version 0.10.0.

Defensive priority

Medium priority due to the CVSS score of 4.3 and the availability of a patch.

Recommended defensive actions

  • Update Open WebUI to version 0.10.0 or later
  • Review and adjust WEB_FETCH_FILTER_LIST configurations to ensure proper filtering
  • Monitor for any suspicious activity related to Open WebUI
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-09T17:17:03.603Z and was last modified on 2026-07-10T17:39:40.083Z. The NVD entry is currently Analyzed. The vulnerability affects Open WebUI, specifically versions prior to 0.10.0. The issue is related to WEB_FETCH_FILTER_LIST and allows for blocklist bypasses through path-based attacks. The CVE record was sourced from nvd_modified.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:03.603Z and has not been modified since then. The NVD entry is currently Analyzed.