Skip to main content

Open WebUI CVE-2026-59215

| EUVDEUVD-2026-42630 LOW
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-07-09 security-advisories@github.com
3.1
CVSS 3.1 · Vendor: github

Severity by source

Vendor (github) PRIMARY
3.1 LOW
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
3.1 LOW

Network-accessible IDOR requiring an authenticated low-privilege account (PR:L) and knowledge of cross-channel message IDs (AC:H); impact is read-only thread context disclosure with no integrity or availability effect.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (github).

CVSS VectorVendor: github

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch available
Jul 09, 2026 - 18:01 EUVD
Analysis Generated
Jul 09, 2026 - 17:42 vuln.today

DescriptionCVE.org

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parent_id to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose thread context across channels. This issue is fixed in version 0.10.0.

AnalysisAI

Cross-channel thread context disclosure in Open WebUI prior to 0.10.0 allows authenticated low-privilege users to reference messages from private or DM channels they do not have access to, leaking thread content across channel boundaries. The root cause is a missing channel-binding validation on the parent_id parameter in thread reply handling - the server does not verify that the referenced parent message belongs to the channel specified in the URL. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privilege Open WebUI user
Delivery
Obtain or enumerate valid parent_id from inaccessible private or DM channel
Exploit
Craft thread reply request with foreign parent_id against accessible channel URL
Execution
Server processes request without channel-binding authorization check
Impact
Private channel thread context returned to attacker

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated Open WebUI account with at minimum low-privilege access (PR:L confirmed by CVSS vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) scores this at 3.1 (Low), which accurately reflects the realistic risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Open WebUI user with a low-privilege account obtains or enumerates a valid message ID from a private channel or DM conversation they are not a member of - for example, through a prior access period, application logging exposure, or brute-forcing numeric IDs. The user crafts a thread reply request targeting a legitimate channel URL but supplying the foreign message's ID as parent_id; the server processes the request without validating channel membership for the referenced parent, returning thread context from the private conversation. …
Remediation Upgrade Open WebUI to version 0.10.0 or later, which resolves the issue per the vendor security advisory GHSA-73x5-h92w-xc2j. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-7053 CRITICAL POC
9.0 Mar 20

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session

CVE-2024-8017 CRITICAL POC
9.0 Mar 20

An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the

CVE-2024-7044 HIGH POC
8.9 Mar 20

A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui

CVE-2024-7806 HIGH POC
8.8 Mar 20

A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Sit

CVE-2024-6707 HIGH POC
8.8 Aug 07

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traver

CVE-2025-65959 HIGH POC
8.7 Dec 04

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a St

CVE-2025-65958 HIGH POC
8.5 Dec 04

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Se

CVE-2024-7990 HIGH POC
8.4 Mar 20

A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. Rated high severity (CV

CVE-2024-8053 HIGH POC
8.2 Mar 20

In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing u

CVE-2024-7034 HIGH POC
7.2 Mar 20

In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handlin

CVE-2024-7959 HIGH POC
7.7 Mar 20

The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF)

CVE-2024-12537 HIGH POC
7.5 Mar 20

In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker

Share

CVE-2026-59215 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy