Sensitive Information Exposure in Open WebUI AI Platform
CVE-2026-59222
6MEDIUM
What is CVE-2026-59222?
The Open WebUI platform, widely known for its robust self-hosted AI capabilities, has a significant vulnerability in its API that affects versions from 0.7.0 up to 0.9.0. This vulnerability allows unauthorized channel participants to access sensitive user information, including personal settings and webhook configurations through the GET /api/v1/channels//members endpoint. This flaw can lead to unauthorized data retrieval, raising concerns about user privacy and security. The issue has been addressed in version 0.10.0, which patches the data exposure.
Affected Version(s)
open-webui >= 0.7.0, < 0.10.0
