Vulnerability in Open WebUI Affects Automation Features
CVE-2026-59226

3.1LOW

Key Information:

Vendor

Open-webui

Vendor
CVE Published:
9 July 2026

What is CVE-2026-59226?

An issue in Open WebUI versions 0.9.0 prior to 0.10.0 allows automation owners to be rehydrated without verifying their active status, thereby letting deactivated users continue executing scheduled tasks. This flaw stems from inadequate enforcement of user roles for accessing models, which could lead to unauthorized execution of automation features. The vulnerability has been addressed in version 0.10.0.

Affected Version(s)

open-webui >= 0.9.0, < 0.10.0

References

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.