Skip to main content

Open WebUI EUVDEUVD-2026-42618

| CVE-2026-59227 MEDIUM
Missing Authorization (CWE-862)
2026-07-09 GitHub_M
5.4
CVSS 3.1 · NVD
Share

Severity by source

Vendor (GitHub_M) PRIMARY
MEDIUM
qualitative
NVD
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
vuln.today AI
5.4 MEDIUM

PR:L confirmed by account requirement; I:L added over original I:N because unauthorized actions are performed against admin-provisioned credentials, representing a real integrity boundary violation.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

3
CVSS changed
Jul 10, 2026 - 02:52 NVD
4.3 (MEDIUM) 5.4 (MEDIUM)
Patch available
Jul 09, 2026 - 18:01 EUVD
Analysis Generated
Jul 09, 2026 - 17:20 vuln.today

DescriptionNVD

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to invoke server-side image editing with administrator-configured provider credentials. This issue is fixed in version 0.10.0.

AnalysisAI

Open WebUI versions 0.8.11 through 0.10.0 expose a missing-authorization flaw (CWE-862) on the POST /api/v1/images/edit endpoint, allowing any verified non-admin account to invoke server-side image editing even when administrators have disabled the global image-edit switch or revoked per-user image-generation permissions. The bypass enables unprivileged users to consume admin-configured third-party image provider credentials - exhausting API quotas or generating unauthorized images - undermining deliberate access controls set by the platform operator. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain verified non-admin account
Delivery
Send POST /api/v1/images/edit request
Exploit
Bypass global image-edit toggle check
Execution
Bypass per-user permission check
Persist
Invoke image generation via admin-provisioned credentials
Impact
Exhaust provider API quota or generate unauthorized images

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid verified (non-admin) user account on the Open WebUI instance - unauthenticated access is not sufficient (CVSS PR:L confirmed). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS base score of 4.3 (Medium) accurately reflects the bounded real-world impact: network-accessible (AV:N), low complexity (AC:L), but requiring a valid low-privilege account (PR:L) and producing only low availability impact (A:L) with no confidentiality or integrity impact recorded. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated non-admin user on a shared Open WebUI instance directly calls POST /api/v1/images/edit with crafted image editing parameters. Even though the administrator has disabled the global image-edit toggle or revoked that user's image-generation permission, the endpoint processes the request using admin-configured third-party provider credentials, potentially exhausting API rate limits or incurring unexpected costs. …
Remediation Upgrade to Open WebUI version 0.10.0 or later, which enforces both the global image-edit feature toggle and per-user image-generation permissions on the POST /api/v1/images/edit endpoint. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-7053 CRITICAL POC
9.0 Mar 20

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session

CVE-2024-8017 CRITICAL POC
9.0 Mar 20

An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the

CVE-2024-7044 HIGH POC
8.9 Mar 20

A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui

CVE-2024-7806 HIGH POC
8.8 Mar 20

A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Sit

CVE-2024-6707 HIGH POC
8.8 Aug 07

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traver

CVE-2025-65959 HIGH POC
8.7 Dec 04

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a St

CVE-2025-65958 HIGH POC
8.5 Dec 04

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Se

CVE-2024-7990 HIGH POC
8.4 Mar 20

A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. Rated high severity (CV

CVE-2024-8053 HIGH POC
8.2 Mar 20

In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing u

CVE-2024-7034 HIGH POC
7.2 Mar 20

In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handlin

CVE-2024-7959 HIGH POC
7.7 Mar 20

The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF)

CVE-2024-12537 HIGH POC
7.5 Mar 20

In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker

Share

EUVD-2026-42618 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy