Path Traversal Vulnerability in Open WebUI AI Platform
CVE-2026-59221

7.7HIGH

Key Information:

Vendor

Open-webui

Vendor
CVE Published:
9 July 2026

What is CVE-2026-59221?

Open WebUI, an extensible and user-friendly self-hosted AI platform, is susceptible to a path traversal vulnerability in versions prior to 0.10.0. The flaw resides in the _sanitize_proxy_path function located in backend/open_webui/routers/terminals.py, which improperly decodes proxy paths only eight times. This limitation allows an attacker to exploit a nine-times percent-encoded ../ traversal value, bypassing normalization checks. As a result, malicious input can be decoded by the upstream terminal server, potentially leading to unauthorized access to system files. This issue has been addressed in version 0.10.0, and it is recommended that users upgrade to this version to mitigate the risk.

Affected Version(s)

open-webui >= 0.9.6, < 0.10.0

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.