| Vendor | Product | Version Range | Status |
|---|---|---|---|
| open-webui | open-webui | >= 0.6.16, < 0.10.0 | affected |
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| open-webui | open-webui | >= 0.6.16, < 0.10.0 | - |
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-59224 | 8.0 HIGH | Open WebUI: Terminal proxy forwards a spoofable, integrity-unbound user identity to the up |
| CVE-2026-59216 | 7.7 HIGH | Open WebUI: Cross-user code-interpreter and tool execution via unvalidated Socket.IO event |
| CVE-2026-59221 | 7.7 HIGH | open-webui terminal proxy path traversal guard bypass via 9x encoded traversal |
| CVE-2026-59214 | 7.3 HIGH | Open WebUI: Stored web worker XSS via Pyodide |
| CVE-2026-59219 | 7.1 HIGH | Open WebUI: Realtime endpoints accept Redis-revoked JWTs after signout/backchannel logout |
| CVE-2026-59220 | 6.5 MEDIUM | Open WebUI: ReDoS in skill-mention regexes causes whole-instance DoS on default config |
| CVE-2026-59212 | 5.4 MEDIUM | Open WebUI: Model meta.knowledge read-only file access can be upgraded to file write/delet |
| CVE-2026-59225 | 5.4 MEDIUM | Open WebUI: Arena task endpoints can bypass underlying model access controls |
| CVE-2026-59218 | 5.3 MEDIUM | Open WebUI: Account enumeration via observable login timing discrepancy |
| CVE-2026-59227 | 4.3 MEDIUM | Open WebUI: POST /api/v1/images/edit bypasses the global image-edit switch and the per-use |
| CVE-2026-59217 | 4.3 MEDIUM | Open WebUI: Upload `metadata.knowledge_id` bypasses the knowledge-base write-access check |
| CVE-2026-59223 | 4.3 MEDIUM | Open WebUI: `WEB_FETCH_FILTER_LIST` host allow/block filter bypassable via URL path and no |
| CVE-2026-59213 | 3.5 LOW | Open WebUI: Cross-user model-list exposure via static cache key in get_all_models (aiocach |
| CVE-2026-59226 | 3.1 LOW | Open WebUI: Scheduled automations continue after pending-user deactivation and stored mode |
| CVE-2026-59215 | 3.1 LOW | Open WebUI: Private channel messages can be disclosed through cross-channel thread parent_ |
| CVE-2026-59222 | Open WebUI: /api/v1/channels/{id}/members exposes full user model including sensitive cred |
No comments yet