Skip to main content

Open WebUI CVE-2026-59220

| EUVDEUVD-2026-42621 MEDIUM
Inefficient Regular Expression Complexity (ReDoS) (CWE-1333)
2026-07-09 GitHub_M
6.5
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
6.5 MEDIUM

Network-reachable chat endpoint requires only a low-privilege authenticated session; no confidentiality or integrity impact, sole effect is event-loop availability loss.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch available
Jul 09, 2026 - 18:01 EUVD
Analysis Generated
Jul 09, 2026 - 17:22 vuln.today

DescriptionCVE.org

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILL_MENTION_RE and strip_re regular expressions in backend/open_webui/utils/middleware.py parsed <$skillId|label> skill mentions with overlapping quantifiers, allowing an authenticated chat message containing <$ without a closing > to trigger quadratic backtracking and block the asyncio event loop. This issue is fixed in version 0.10.0.

AnalysisAI

Regular expression denial of service in Open WebUI 0.9.2-0.9.x allows any authenticated user to block the Python asyncio event loop by sending a single malformed chat message. The SKILL_MENTION_RE and strip_re patterns in middleware.py use overlapping quantifiers when parsing skill-mention syntax, causing quadratic backtracking on input containing '<$' without a closing '>'. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid Open WebUI account
Delivery
Send HTTP POST chat message containing '<$' token
Exploit
Middleware invokes vulnerable SKILL_MENTION_RE regex
Execution
Quadratic backtracking consumes CPU in sync call
Persist
asyncio event loop blocks
Impact
All concurrent users denied service

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session with at least low-privilege access (a standard chat user account). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H scores 6.5 (Medium), which is appropriate: the attack is network-reachable, requires no special configuration, and any authenticated low-privileged account can trigger it with trivial complexity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a valid Open WebUI account - obtained via self-registration, credential stuffing, or a shared demo instance - sends a single POST request to the chat API containing the payload '<$' as part of a message body. The backend middleware immediately invokes the vulnerable SKILL_MENTION_RE regex against the input, entering quadratic backtracking that consumes CPU and blocks the asyncio event loop, rendering the entire Open WebUI instance unresponsive to all other users for the duration of the regex execution. …
Remediation Upgrade to Open WebUI v0.10.0, which contains the confirmed fix per commit 61a26722155ec6ee1b629cf8dfcf975098c18331 and the release at https://github.com/open-webui/open-webui/releases/tag/v0.10.0. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-7053 CRITICAL POC
9.0 Mar 20

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session

CVE-2024-8017 CRITICAL POC
9.0 Mar 20

An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the

CVE-2024-7044 HIGH POC
8.9 Mar 20

A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui

CVE-2024-7806 HIGH POC
8.8 Mar 20

A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Sit

CVE-2024-6707 HIGH POC
8.8 Aug 07

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traver

CVE-2025-65959 HIGH POC
8.7 Dec 04

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a St

CVE-2025-65958 HIGH POC
8.5 Dec 04

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Se

CVE-2024-7990 HIGH POC
8.4 Mar 20

A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. Rated high severity (CV

CVE-2024-8053 HIGH POC
8.2 Mar 20

In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing u

CVE-2024-7034 HIGH POC
7.2 Mar 20

In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handlin

CVE-2024-7959 HIGH POC
7.7 Mar 20

The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF)

CVE-2024-12537 HIGH POC
7.5 Mar 20

In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker

Share

CVE-2026-59220 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy