Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the tool_servers and terminal_servers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database (a supported and documented deployment pattern, e.g., for multi-region deployments, blue-green setups, or cluster topologies), the unprefixed keys collide. An admin on Instance A writing to tool_servers overwrites the value read by Instance B — causing Instance B's users to receive Instance A's tool server configuration. This vulnerability is fixed in 0.9.0.
Problem Types
| Type | CWE ID | Description |
|---|
| CWE | CWE-668 | CWE-668: Exposure of Resource to Wrong Sphere |
Type: CWE
Description: CWE-668: Exposure of Resource to Wrong Sphere
Metrics
| Version | Base score | Base severity | Vector |
|---|
| 3.1 | 8.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
Version: 3.1
Base score: 8.7
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N