CVE-2026-59219

HIGH
Published July 9, 2026

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed...

Full CISO analysis pending enrichment.

What systems are affected?

Package Ecosystem Vulnerable Range Patched
Open WebUI pip No patch
144.2K Pushed 7d ago 67% patched ~5d to patch Full package profile →

Do you use Open WebUI? You're affected.

How severe is it?

CVSS 3.1
7.1 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

What is the attack surface?

AV AC PR UI S C I A
AV Network
AC Low
PR Low
UI None
S Unchanged
C High
I Low
A None

What should I do?

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Which compliance frameworks are affected?

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-59219?

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. This issue is fixed in version 0.10.0.

Is CVE-2026-59219 actively exploited?

No confirmed active exploitation of CVE-2026-59219 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-59219?

No patch is currently available. Monitor vendor advisories for updates.

What is the CVSS score for CVE-2026-59219?

CVE-2026-59219 has a CVSS v3.1 base score of 7.1 (HIGH).

What are the technical details?

Original Advisory

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. This issue is fixed in version 0.10.0.

Weaknesses (CWE)

CWE-613 — Insufficient Session Expiration: According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

  • [Implementation] Set sessions/credentials expiration date.

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Timeline

Published
July 9, 2026
Last Modified
July 9, 2026
First Seen
July 9, 2026

Related Vulnerabilities