Sensitive Information Exposure in Open WebUI AI Platform
CVE-2026-59222

6MEDIUM

Key Information:

Vendor

Open-webui

Vendor
CVE Published:
9 July 2026

What is CVE-2026-59222?

The Open WebUI platform, widely known for its robust self-hosted AI capabilities, has a significant vulnerability in its API that affects versions from 0.7.0 up to 0.9.0. This vulnerability allows unauthorized channel participants to access sensitive user information, including personal settings and webhook configurations through the GET /api/v1/channels//members endpoint. This flaw can lead to unauthorized data retrieval, raising concerns about user privacy and security. The issue has been addressed in version 0.10.0, which patches the data exposure.

Affected Version(s)

open-webui >= 0.7.0, < 0.10.0

References

CVSS V4

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.