CVE-2026-59227 in Open WebUI
Summary
by MITRE • 07/09/2026
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to invoke server-side image editing with administrator-configured provider credentials. This issue is fixed in version 0.10.0.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 07/09/2026
The vulnerability exists within Open WebUI version 0.8.11 through 0.9.x where the image editing endpoint api/v1/images/edit lacks proper access controls despite requiring only verified account authentication. This represents a critical authorization flaw that undermines the platform's security model by allowing unprivileged users to perform administrative image editing operations. The flaw stems from insufficient validation of global configuration settings and per-user permission enforcement during the image editing workflow.
This vulnerability falls under CWE-285 Authorization Flaws, specifically related to inadequate access control mechanisms in web applications. The issue manifests when a non-administrative user attempts to invoke server-side image editing functionality without proper authorization checks. The system fails to verify whether the global image-edit switch is enabled or whether individual users possess the required image-generation permissions before executing the editing operations.
The operational impact of this vulnerability is significant as it enables malicious or unauthorized users to leverage administrator-configured provider credentials for image editing tasks. This creates potential risks including unauthorized content modification, data exfiltration through image processing, and possible abuse of premium service resources. Attackers could exploit this weakness to perform actions that should be restricted to administrative users while maintaining the appearance of legitimate system usage.
The vulnerability aligns with ATT&CK technique T1566.002 for credential access through web application attacks and T1078 for valid accounts abuse. The flaw demonstrates poor privilege separation and inadequate input validation in the authentication flow, allowing lateral movement within the application's permission model. Security controls should enforce proper role-based access control where only authorized users can invoke administrative functions regardless of their account status.
Mitigation strategies include implementing comprehensive access control checks that validate both global configuration settings and per-user permissions before executing image editing operations. The system must verify that the global image-edit switch is enabled and that individual user accounts possess appropriate privileges. Updates should enforce proper authentication context validation and implement role-based access controls that prevent unauthorized users from accessing administrative functions. Additionally, logging and monitoring should track all image editing operations to detect suspicious activities and ensure accountability measures are in place.
The fix implemented in version 0.10.0 addresses these authorization gaps through enhanced permission checking mechanisms. This update ensures that the image editing endpoint properly validates both system-wide configuration settings and individual user permissions before allowing execution of server-side image processing tasks. The security enhancement aligns with industry best practices for maintaining proper access controls and preventing privilege escalation attacks in web-based applications.