CVE-2026-59219 in Open WebUIinfo

Summary

by MITRE • 07/09/2026

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. This issue is fixed in version 0.10.0.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/09/2026

The vulnerability resides within the Open WebUI platform version 0.9.0 through 0.10.0 when Redis is configured for session management. The core flaw involves improper authentication handling during WebSocket connections that utilize Socket.IO for real-time communication. Specifically, the system employs JWT tokens for user authentication but fails to implement proper token revocation checking mechanisms before establishing websocket connections. When users join channels, notes, or access terminal functionalities through websocket connections, the system processes the initial message without verifying whether the JWT token has been revoked through Redis-backed token validation.

This authentication bypass represents a critical security weakness that allows compromised or revoked user sessions to maintain access to real-time platform features. The vulnerability affects multiple websocket endpoints including connect, user-join, join-channels, join-note, and terminal websocket first-message handling. The system's failure to implement the is_valid_token revocation check creates a persistent authentication loophole where previously valid tokens can continue functioning even after being invalidated through proper session management protocols. This weakness directly violates standard security practices for token-based authentication systems.

The operational impact of this vulnerability extends beyond simple unauthorized access to include potential data exfiltration, privilege escalation, and continued exploitation of platform resources by compromised users. Attackers who obtain valid JWT tokens can maintain persistent connections to real-time features even after their sessions should have been terminated or revoked. The Redis-backed session management system was designed to provide token revocation capabilities but the implementation failed to enforce these checks during websocket authentication processes, creating a significant security gap in the platform's access control mechanisms.

The remediation for this vulnerability requires implementing proper token validation during all websocket connection establishment phases by ensuring that each JWT token undergoes verification against Redis-backed token revocation lists before granting access to real-time features. This fix addresses the fundamental flaw where decode_token was called without the critical is_valid_token check that would prevent revoked tokens from accessing platform resources. The implementation should follow established security protocols for token management and WebSocket authentication as outlined in industry standards such as those referenced in CWE-306 and ATT&CK techniques related to credential exposure and session management flaws. Version 0.10.0 contains the necessary fixes to properly implement token revocation checking during websocket connection establishment, ensuring that revoked sessions cannot continue to access platform features through real-time communication channels.

Responsible

GitHub M

Reservation

07/02/2026

Disclosure

07/09/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!