Skip to main content

Open WebUI EUVDEUVD-2026-42623

| CVE-2026-59715 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-07-09 GitHub_M
6.5
CVSS 3.1 · NVD
Share

Severity by source

Vendor (GitHub_M) PRIMARY
LOW
qualitative
NVD
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
vuln.today AI
3.7 LOW

Handlers explicitly require no authentication per the advisory (PR:N), but AC:H reflects that useful exploitation requires knowing active document session identifiers unavailable to a blind external attacker.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Severity Changed
Jul 10, 2026 - 02:52 NVD
LOW MEDIUM
CVSS changed
Jul 10, 2026 - 02:52 NVD
3.1 (LOW) 6.5 (MEDIUM)
Patch available
Jul 09, 2026 - 18:01 EUVD
Analysis Generated
Jul 09, 2026 - 17:19 vuln.today

DescriptionNVD

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with always_connect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requiring an authenticated user, allowing unauthorized manipulation of document collaboration state. This issue is fixed in version 0.10.0.

AnalysisAI

Unauthenticated manipulation of collaborative document state is possible in Open WebUI versions 0.6.16 through 0.9.x, where the Socket.IO server's always_connect=True configuration allows the ydoc:awareness:update and ydoc:document:leave event handlers to process requests from any connected client regardless of identity. An attacker with network access to the platform can inject false collaborative presence data or trigger spurious document-leave events, disrupting active collaboration sessions for legitimate users. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify Open WebUI instance on network
Delivery
Connect to Socket.IO endpoint without credentials
Exploit
Enumerate or infer active document session identifiers
Execution
Emit malicious ydoc:awareness:update or ydoc:document:leave event
Impact
Corrupt shared collaboration awareness state

Vulnerability AssessmentAI

Exploitation The Yjs/YDoc collaborative document feature must be active and in use on the target Open WebUI instance. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The official CVSS base score of 3.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N) reflects a low-severity finding, but the vector contains a notable inconsistency with the description: the advisory explicitly states the handlers accept events 'without requiring an authenticated user,' which implies PR:N rather than PR:L. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to an Open WebUI instance connects to the Socket.IO endpoint without credentials - permitted because always_connect=True bypasses the authentication gate - then emits crafted ydoc:awareness:update events referencing an active document session to inject false cursor or presence data, or sends ydoc:document:leave to silently remove legitimate collaborators from their sessions. No public proof-of-concept code is known to exist, but the vulnerable event names are identifiable from Open WebUI's public source repository, lowering the knowledge barrier for a targeted attacker.
Remediation Upgrade Open WebUI to version 0.10.0 or later; the fix was introduced in commit 22f2fe1ffb66c993dad1e0b2b35514acaed2370e via pull request #25946 and the patched release is available at https://github.com/open-webui/open-webui/releases/tag/v0.10.0. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-7053 CRITICAL POC
9.0 Mar 20

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session

CVE-2024-8017 CRITICAL POC
9.0 Mar 20

An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the

CVE-2024-7044 HIGH POC
8.9 Mar 20

A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui

CVE-2024-7806 HIGH POC
8.8 Mar 20

A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Sit

CVE-2024-6707 HIGH POC
8.8 Aug 07

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traver

CVE-2025-65959 HIGH POC
8.7 Dec 04

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a St

CVE-2025-65958 HIGH POC
8.5 Dec 04

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Se

CVE-2024-7990 HIGH POC
8.4 Mar 20

A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. Rated high severity (CV

CVE-2024-8053 HIGH POC
8.2 Mar 20

In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing u

CVE-2024-7034 HIGH POC
7.2 Mar 20

In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handlin

CVE-2024-7959 HIGH POC
7.7 Mar 20

The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF)

CVE-2024-12537 HIGH POC
7.5 Mar 20

In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker

Share

EUVD-2026-42623 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy