PatchSiren cyber security CVE debrief
CVE-2026-59224 open-webui CVE debrief
Open WebUI, a self-hosted AI platform, had a vulnerability prior to version 0.10.0. The issue was in the `terminals.py` file, where the `ws_terminal` upstream URL was built from an unencoded `session_id` and had `user_id` appended as a query parameter. This allowed for query injection, enabling the terminal backend to resolve another user's identity. The HTTP proxy path also forwarded `X-User-Id` as an integrity-unbound identity claim. The vulnerability is fixed in version 0.10.0. This issue could lead to unauthorized access to sensitive information or actions on behalf of the user.
- Vendor
- open-webui
- Product
- Unknown
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Open WebUI, especially those hosting it themselves, should be aware of this vulnerability. If an attacker can inject malicious queries, they may be able to access another user's terminal session. This could lead to unauthorized access to sensitive information or actions on behalf of the user. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed.
Technical summary
The vulnerability in Open WebUI's `terminals.py` file allowed for query injection due to an unencoded `session_id`. An attacker could potentially inject malicious queries to access another user's terminal session. The issue was exacerbated by the forwarding of `X-User-Id` as an integrity-unbound identity claim in the HTTP proxy path. This vulnerability has been fixed in version 0.10.0. Affected product deployments should be reviewed for exposure, and compensating controls should be implemented while remediation is scheduled and verified.
Defensive priority
High
Recommended defensive actions
- Upgrade Open WebUI to version 0.10.0 or later
- Review and monitor terminal sessions for suspicious activity
- Implement additional security measures to protect against query injection attacks
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record was published on 2026-07-09T17:17:03.770Z and last modified on 2026-07-10T15:22:04.010Z. The NVD entry is currently Analyzed. Evidence from the CVE record and NVD entry indicates that Open WebUI, a self-hosted AI platform, had a vulnerability prior to version 0.10.0. The issue was in the `terminals.py` file, where the `ws_terminal` upstream URL was built from an unencoded `session_id` and had `user_id` appended as a query parameter. This allowed for query injection, enabling the terminal backend to resolve another user's identity. The HTTP proxy path also forwarded `X-User-Id` as an integrity-unbound identity claim. The vulnerability is fixed in version 0.10.0. Defenders should verify affected scope, severity, and vendor guidance.
Official resources
-
CVE-2026-59224 CVE record
CVE.org
-
CVE-2026-59224 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Mitigation, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:03.770Z and has not been modified since then. The NVD entry is currently Analyzed.