Vulnerability in Open WebUI Affects User Permissions for Image Editing
CVE-2026-59227
4.3MEDIUM
What is CVE-2026-59227?
Open WebUI, a robust self-hosted AI platform, contained a significant vulnerability within its image editing features. Versions prior to 0.10.0 permitted non-admin users to access advanced image editing functionalities by only requiring a verified account, without enforcing proper permission checks. This flaw exposes the platform to potential misuse, allowing unauthorized users to edit images using administrator credentials. The issue has been rectified starting from version 0.10.0, which implements necessary security measures to ensure compliance with user permissions.
Affected Version(s)
open-webui >= 0.8.11, < 0.10.0
