Vulnerability in Open WebUI Affects Automation Features
CVE-2026-59226
3.1LOW
What is CVE-2026-59226?
An issue in Open WebUI versions 0.9.0 prior to 0.10.0 allows automation owners to be rehydrated without verifying their active status, thereby letting deactivated users continue executing scheduled tasks. This flaw stems from inadequate enforcement of user roles for accessing models, which could lead to unauthorized execution of automation features. The vulnerability has been addressed in version 0.10.0.
Affected Version(s)
open-webui >= 0.9.0, < 0.10.0
