CVE-2026-59221

open-webui · open-webui

Open WebUI is susceptible to path traversal and server-side request forgery (SSRF) vulnerabilities.

Executive summary

Path traversal and SSRF vulnerabilities in open-webui allow attackers to access restricted resources, necessitating an immediate update to version 0.10.0.

Vulnerability

The product fails to properly sanitize pathnames and validate requests, leading to path traversal (CWE-22) and server-side request forgery (CWE-918). These issues allow an authenticated attacker to read sensitive files or interact with internal network services.

Business impact

With a CVSS score of 7.7, this vulnerability presents a high risk to the confidentiality of the AI platform and the internal network. Attackers can potentially access configuration files, credentials, or internal APIs, which may lead to deeper infiltration of the corporate environment.

Remediation

Immediate Action: Upgrade to open-webui version 0.10.0 or later to patch the path handling and request validation mechanisms.

Proactive Monitoring: Review access logs for suspicious path patterns (e.g., ../) and unusual outbound network requests originating from the web server.

Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block path traversal attempts and restrict outbound traffic from the application server.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The combination of path traversal and SSRF in an AI platform is highly dangerous. Administrators should prioritize upgrading to version 0.10.0 to remediate these flaws and prevent unauthorized access to the application's underlying filesystem and internal network.