Path Traversal Vulnerability in Open WebUI AI Platform
CVE-2026-59221
7.7HIGH
What is CVE-2026-59221?
Open WebUI, an extensible and user-friendly self-hosted AI platform, is susceptible to a path traversal vulnerability in versions prior to 0.10.0. The flaw resides in the _sanitize_proxy_path function located in backend/open_webui/routers/terminals.py, which improperly decodes proxy paths only eight times. This limitation allows an attacker to exploit a nine-times percent-encoded ../ traversal value, bypassing normalization checks. As a result, malicious input can be decoded by the upstream terminal server, potentially leading to unauthorized access to system files. This issue has been addressed in version 0.10.0, and it is recommended that users upgrade to this version to mitigate the risk.
Affected Version(s)
open-webui >= 0.9.6, < 0.10.0
