CVE-2026-59215
Received Received - Intake

Information Disclosure in Open WebUI via Thread Context Leak

Vulnerability report for CVE-2026-59215, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: GitHub, Inc.

Description

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parent_id to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose thread context across channels. This issue is fixed in version 0.10.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
open_webui open_webui 0.10.0
open_webui open_webui to 0.10.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Open WebUI versions prior to 0.10.0 where the system did not properly verify that a thread parent message belonged to the channel specified in the URL. An authenticated user could exploit this by referencing a message ID from another private or direct message channel, allowing them to access thread messages and context from channels they were not authorized to view.

The root cause was that the backend functions only checked the channel ID in the URL but did not confirm that the parent or reply-to message IDs were part of that channel. This flaw allowed unauthorized disclosure of private messages across channels.

The issue was fixed in version 0.10.0 by enforcing that the thread parent and reply-to message IDs must belong to the requested channel, rejecting any requests that attempt to access messages outside the specified channel.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of private or direct message channel content. An attacker with valid authentication but limited channel access could retrieve messages, including content, channel IDs, and author details, from channels they do not belong to.

Such unauthorized access compromises the confidentiality of private communications, potentially exposing sensitive or confidential information to unauthorized users.

The severity is considered low with a CVSS score of 3.1, requiring low privileges and no user interaction, but it still poses a privacy risk.

Detection Guidance

This vulnerability involves unauthorized access to private channel messages by manipulating thread parent or reply message IDs in API requests. Detection involves monitoring API requests to the endpoint /api/v1/channels/{id}/messages/{message_id}/thread for suspicious usage of parent_id or reply_to_id parameters that reference messages outside the authorized channel.

You can detect potential exploitation attempts by inspecting logs or capturing traffic for requests where the thread parent or reply message IDs do not belong to the channel specified in the URL.

  • Use network traffic inspection tools (e.g., Wireshark or tcpdump) to filter HTTP requests to the thread message API endpoint and analyze the parameters.
  • Check application logs for API calls to /api/v1/channels/*/messages/*/thread where parent_id or reply_to_id parameters are set to message IDs from channels the user should not have access to.
  • Example command to search logs for suspicious thread requests (assuming logs contain JSON or text entries): grep -E '/api/v1/channels/[0-9a-f]+/messages/[0-9a-f]+/thread' /path/to/logfile | grep -E 'parent_id|reply_to_id'
Mitigation Strategies

The primary mitigation is to upgrade Open WebUI to version 0.10.0 or later, where the vulnerability has been fixed by enforcing that thread parent and reply message IDs must belong to the requested channel.

Until the upgrade can be applied, restrict access to the affected API endpoints to trusted users only, and monitor for suspicious API requests that attempt to access thread messages across channels.

  • Upgrade Open WebUI to version 0.10.0 or newer.
  • Restrict or monitor access to the /api/v1/channels/{id}/messages/{message_id}/thread endpoint.
  • Implement logging and alerting on suspicious thread message requests referencing parent or reply IDs outside the authorized channel.
Compliance Impact

This vulnerability allows authenticated users to access private messages from channels they do not belong to by exploiting improper validation of thread parent message IDs. Such unauthorized disclosure of private or direct message content can lead to exposure of sensitive personal or confidential information.

Exposure of private communications may violate data protection regulations such as GDPR or HIPAA, which require strict controls on access to personal and sensitive data to ensure confidentiality and privacy.

By allowing cross-channel message disclosure, the vulnerability undermines proper data isolation and access controls, potentially leading to non-compliance with these standards until the issue is fixed.

The issue was addressed in Open WebUI version 0.10.0 by enforcing that thread parent and reply message IDs must belong to the requested channel, preventing unauthorized data exposure and helping restore compliance with privacy and security requirements.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59215. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart