Vulnerability in Open WebUI Affects User Permissions for Image Editing
CVE-2026-59227

4.3MEDIUM

Key Information:

Vendor

Open-webui

Vendor
CVE Published:
9 July 2026

What is CVE-2026-59227?

Open WebUI, a robust self-hosted AI platform, contained a significant vulnerability within its image editing features. Versions prior to 0.10.0 permitted non-admin users to access advanced image editing functionalities by only requiring a verified account, without enforcing proper permission checks. This flaw exposes the platform to potential misuse, allowing unauthorized users to edit images using administrator credentials. The issue has been rectified starting from version 0.10.0, which implements necessary security measures to ensure compliance with user permissions.

Affected Version(s)

open-webui >= 0.8.11, < 0.10.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.