CVE-2026-59216
Received Received - Intake

Open WebUI Code Execution via Socket.IO Session Hijacking

Vulnerability report for CVE-2026-59216, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: GitHub, Inc.

Description

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, get_event_call delivered execute:python and execute:tool Socket.IO events to a client-supplied session_id after checking only that the session was connected, allowing authenticated users who learned another socket ID through ydoc:document:join to run code interpreter Python or tools in that user session. This issue is fixed in version 0.10.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
open_webui open_webui to 0.10.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

CVE-2026-59216 allows authenticated low-privilege users to execute arbitrary code or tools in another user's authenticated session, potentially leading to unauthorized access and control over user sessions.

Such unauthorized access and potential remote code execution could lead to breaches of confidentiality, integrity, and availability of user data, which are critical concerns under regulations like GDPR and HIPAA.

If sensitive personal or health data is processed or stored within Open WebUI sessions, this vulnerability could result in non-compliance with data protection requirements, including unauthorized data access or manipulation.

Therefore, until patched, this vulnerability poses a risk to compliance with common standards and regulations that mandate strict access controls and protection of user data.

Executive Summary

CVE-2026-59216 is a security vulnerability in Open WebUI versions prior to 0.10.0 where the system did not properly verify ownership of a session when handling Socket.IO events. Specifically, the get_event_call function delivered execute:python and execute:tool events to a client-supplied session_id after only checking that the session was connected, without confirming that the session belonged to the requesting user.

This flaw allowed authenticated users who could obtain another user's socket ID (for example, through the ydoc:document:join feature) to execute arbitrary Python code or tools within that other user's session. The vulnerability was fixed in version 0.10.0 by adding a check to ensure the target session is owned by the requesting user before allowing such event execution.

Impact Analysis

This vulnerability can allow an authenticated low-privilege user to execute arbitrary code or tools within another user's authenticated session. If the targeted user has elevated privileges, such as an administrator, the attacker could gain access to admin-only APIs and potentially execute remote code as the server process, which may run with root privileges in the default container.

Such unauthorized code execution can lead to session hijacking, data compromise, unauthorized actions performed on behalf of the victim, and potentially full system compromise depending on the victim's privileges.

Detection Guidance

This vulnerability involves unauthorized execution of code or tools in another user's session by exploiting improper session ownership validation in Socket.IO events.

Detection can focus on monitoring suspicious Socket.IO event activity where execute:python or execute:tool events are delivered to sessions not owned by the requesting user.

Since the system logs warnings and returns error responses when session ownership checks fail (as per the patch), reviewing application logs for such warnings can help detect exploitation attempts.

Network-level detection might involve capturing and analyzing Socket.IO traffic to identify events where session_id parameters do not match the authenticated user's session.

  • Check application logs for warnings related to session ownership verification failures.
  • Use network packet capture tools (e.g., tcpdump, Wireshark) to monitor Socket.IO traffic for suspicious execute:python or execute:tool events with mismatched session_ids.
  • If the Open WebUI exposes APIs or debugging endpoints, use commands like `curl` or `http` to query session information and verify session ownership consistency.
Mitigation Strategies

The primary mitigation is to upgrade Open WebUI to version 0.10.0 or later, where the vulnerability is fixed by enforcing session ownership checks before executing code or tools.

Until the upgrade can be applied, restrict access to the Open WebUI platform to trusted users only, minimizing the risk of an attacker exploiting the vulnerability.

Monitor logs for suspicious activity indicating attempts to exploit session hijacking and respond accordingly.

  • Upgrade Open WebUI to version 0.10.0 or later.
  • Restrict network access to the Open WebUI service to trusted users.
  • Review and monitor application logs for warnings related to session ownership verification failures.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59216. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart