CVE-2026-59216
Open WebUI · Open WebUI
Open WebUI is vulnerable to code injection, unauthorized information exposure, and authorization bypass, allowing authenticated users with specific access to impact the platform's integrity.
Executive summary
A high-severity security vulnerability in Open WebUI allows authenticated attackers to perform code injection and bypass authorization controls, potentially leading to unauthorized system access.
Vulnerability
This vulnerability involves multiple weaknesses, including Improper Control of Generation of Code (CWE-94), Exposure of Sensitive Information (CWE-200), and Authorization Bypass through user-controlled keys (CWE-639). The attack requires an authenticated user to perform these actions, which can result in significant impact on the platform's security.
Business impact
The exploitation of this vulnerability poses a severe risk to organizational data and system integrity. With a CVSS score of 7.7, the ability for an authenticated attacker to inject code or bypass authorization mechanisms can lead to unauthorized access to sensitive AI models, configuration data, or internal system processes, potentially resulting in complete compromise of the platform.
Remediation
Immediate Action: Upgrade Open WebUI to version 0.10.0 or later to resolve the underlying code injection and authorization flaws.
Proactive Monitoring: Review system and application access logs for unusual activity, specifically focusing on unauthorized API calls or unexpected code execution patterns.
Compensating Controls: Implement strict network segmentation and utilize a Web Application Firewall (WAF) to filter suspicious requests that may attempt to exploit injection vectors while the update is being staged.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The combination of code injection and authorization bypass vulnerabilities presents a critical risk to the Open WebUI platform. Administrators must prioritize updating to version 0.10.0 immediately to eliminate these attack vectors and protect sensitive AI-driven workflows from unauthorized manipulation.