Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-59219

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-09 Jul, 2026 | 16:43
Updated At-09 Jul, 2026 | 17:30
Rejected At-
Credits

Open WebUI: Realtime endpoints accept Redis-revoked JWTs after signout/backchannel logout

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. This issue is fixed in version 0.10.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:09 Jul, 2026 | 16:43
Updated At:09 Jul, 2026 | 17:30
Rejected At:
â–¼CVE Numbering Authority (CNA)
Open WebUI: Realtime endpoints accept Redis-revoked JWTs after signout/backchannel logout

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. This issue is fixed in version 0.10.0.

Affected Products
Vendor
open-webui
Product
open-webui
Versions
Affected
  • >= 0.9.0, < 0.10.0
Problem Types
TypeCWE IDDescription
CWECWE-613CWE-613: Insufficient Session Expiration
Type: CWE
CWE ID: CWE-613
Description: CWE-613: Insufficient Session Expiration
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjw
x_refsource_CONFIRM
https://github.com/open-webui/open-webui/commit/33b91bd8ae8a100a5a306c91441a7d0b422c4cde
x_refsource_MISC
https://github.com/open-webui/open-webui/releases/tag/v0.10.0
x_refsource_MISC
Hyperlink: https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjw
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/open-webui/open-webui/commit/33b91bd8ae8a100a5a306c91441a7d0b422c4cde
Resource:
x_refsource_MISC
Hyperlink: https://github.com/open-webui/open-webui/releases/tag/v0.10.0
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjw
exploit
Hyperlink: https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjw
Resource:
exploit
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:09 Jul, 2026 | 17:17
Updated At:10 Jul, 2026 | 18:17

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. This issue is fixed in version 0.10.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

openwebui
openwebui
>>open_webui>>Versions from 0.9.0(inclusive) to 0.10.0(exclusive)
cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-613Secondarysecurity-advisories@github.com
CWE ID: CWE-613
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/open-webui/open-webui/commit/33b91bd8ae8a100a5a306c91441a7d0b422c4cdesecurity-advisories@github.com
Patch
https://github.com/open-webui/open-webui/releases/tag/v0.10.0security-advisories@github.com
Product
Release Notes
https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjwsecurity-advisories@github.com
Mitigation
Vendor Advisory
Exploit
https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjw134c704f-9b21-4f2e-91b3-4a467353bcc0
Mitigation
Vendor Advisory
Exploit
Hyperlink: https://github.com/open-webui/open-webui/commit/33b91bd8ae8a100a5a306c91441a7d0b422c4cde
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/open-webui/open-webui/releases/tag/v0.10.0
Source: security-advisories@github.com
Resource:
Product
Release Notes
Hyperlink: https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjw
Source: security-advisories@github.com
Resource:
Mitigation
Vendor Advisory
Exploit
Hyperlink: https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjw
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Mitigation
Vendor Advisory
Exploit

Change History

0
Information is not available yet

Similar CVEs

10Records found

CVE-2026-45349
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.23% / 13.97%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 19:20
Updated-19 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: Broken Access Control for Completions API

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key (generated in OWUI) and the Chat ID of another user to continue the conversation of the other user. This vulnerability is fixed in 0.9.0.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-45350
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.26% / 17.54%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 21:23
Updated-18 May, 2026 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: Chat completion API allows tool restrictions to be bypassed

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chat_completion API, the parameters tool_ids and tool_servers are supplied by the user. These parameters are used to create a tools_dict by the middleware. This is then used by get_tool_by_id to retrieve the appropriate tool. However, there is no checks in that ensures the user that uses the API has permission to use the tool, meaning that a user can invoke any server tool by supplying the correct tool_id or tool_servers parameters via the chat completion API. Moreover, the authentication token stored in the server would be used when invoking the tool, so the tool will be invoked with the server privilege. This vulnerability is fixed in 0.8.6.

Action-Not Available
Vendor-open-webui
Product-open-webui
CWE ID-CWE-862
Missing Authorization
CVE-2025-65958
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.5||HIGH
EPSS-4.12% / 89.65%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 19:55
Updated-10 Dec, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-56400
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-9||CRITICAL
EPSS-0.28% / 20.11%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 11:25
Updated-16 Jul, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
open-webui - Remote Code Execution via CORS Misconfiguration and Session Validation

open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with allow_origins=* and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui instance by crafting malicious cross-site requests from attacker-controlled websites when an admin user visits them.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-44553
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.28% / 20.41%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 19:54
Updated-19 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin privileges within their existing Socket.IO session for as long as they keep the connection alive (via automatic heartbeats). The gap is exclusive to the Socket.IO session cache. This vulnerability is fixed in 0.9.0.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-46657
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.27% / 18.90%
||
7 Day CHG~0.00%
Published-08 Jun, 2026 | 15:05
Updated-09 Jun, 2026 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bludit's persistent authentication tokens not revoked upon account disablement

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear the associated tokenAuth and tokenRemember fields in the JSON database. Consequently, any user with a pre-existing "Remember Me" cookie can bypass the account disablement and maintain a valid authenticated state. Version 3.22.0 patches the issue.

Action-Not Available
Vendor-bludit
Product-bludit
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-34828
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.30% / 21.96%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 17:32
Updated-15 Apr, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
listmonk: Active sessions remain valid after password reset and password change

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and password change. As a result, an attacker who has already obtained a valid session cookie can retain access to the account even after the victim changes or resets their password. This weakens account recovery and session security guarantees. This issue has been patched in version 6.1.0.

Action-Not Available
Vendor-nadhknadh
Product-listmonklistmonk
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2023-40025
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 38.55%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 19:12
Updated-01 Oct, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Argo CD web terminal session doesn't expire

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1.

Action-Not Available
Vendor-argoprojargoproj
Product-argo_cdargo-cd
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-0991
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.2||HIGH
EPSS-1.00% / 58.79%
||
7 Day CHG~0.00%
Published-19 Mar, 2022 | 07:35
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Session Expiration in admidio/admidio

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.

Action-Not Available
Vendor-Admidio
Product-admidioadmidio/admidio
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2024-30262
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.50% / 39.20%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 16:45
Updated-09 Jan, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Contao's remember-me tokens will not be cleared after a password change

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me token, changing the password would not be enough to reclaim control over the account. Version 4.13.40 contains a fix for the issue. As a workaround, disable "Allow auto login" in the login module.

Action-Not Available
Vendor-Contao Association
Product-contaocontao
CWE ID-CWE-384
Session Fixation
CWE ID-CWE-613
Insufficient Session Expiration
Details not found