CVE-2026-59224

open-webui · open-webui

Open WebUI is vulnerable to authentication bypass and spoofing, which could allow a remote, authenticated user to achieve total system compromise through cross-site scripting or related vectors.

Executive summary

An authentication bypass and spoofing vulnerability in Open WebUI versions prior to 0.10.0 allows attackers to achieve unauthorized control over the self-hosted AI platform.

Vulnerability

This vulnerability is rooted in improper authentication and spoofing mechanisms. An authenticated attacker can exploit these weaknesses to bypass security controls, potentially leading to unauthorized access and complete compromise of the platform.

Business impact

The CVSS score of 8.0 indicates a high-severity risk. Since Open WebUI is a self-hosted AI platform, a successful exploit could lead to full administrative takeover, unauthorized data access, and the potential for the platform to be used as a pivot point for further attacks within the internal network.

Remediation

Immediate Action: Update Open WebUI to version 0.10.0 or higher immediately to resolve the authentication bypass flaws.

Proactive Monitoring: Review audit logs for suspicious login activity, unauthorized changes to administrative settings, or unexpected session tokens that might indicate an authentication bypass attempt.

Compensating Controls: Restrict network access to the Open WebUI instance using a VPN or IP allowlisting to ensure only trusted users can interact with the interface.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability represents a critical risk to the security of your self-hosted AI infrastructure. Administrators must immediately upgrade to version 0.10.0 to mitigate the risk of authentication bypass and prevent unauthorized access to sensitive system resources.