CVE-2026-59220
Received Received - Intake

ReDoS in Open WebUI via Malformed Skill Mentions

Vulnerability report for CVE-2026-59220, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: GitHub, Inc.

Description

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILL_MENTION_RE and strip_re regular expressions in backend/open_webui/utils/middleware.py parsed <$skillId|label> skill mentions with overlapping quantifiers, allowing an authenticated chat message containing <$ without a closing > to trigger quadratic backtracking and block the asyncio event loop. This issue is fixed in version 0.10.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
open_webui open_webui to 0.10.0 (exc)
open_webui open_webui 0.10.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1333 The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-59220 is a Regular Expression Denial of Service (ReDoS) vulnerability in the Open WebUI application versions 0.9.2 to 0.9.9. It arises from two inefficient regular expressions used to parse skill-mention tags in chat messages, specifically those in the format <$skillId|label>. These regexes contain overlapping quantifiers that cause excessive backtracking when processing inputs with an opening '<$' but missing a closing '>'.

This excessive backtracking leads to quadratic time complexity (O(nΒ²)) in regex processing, which blocks the asyncio event loop and freezes the entire application instance until the worker process is restarted. The vulnerability can be triggered by any authenticated user sending a crafted chat message containing such malformed skill mentions.

The issue was introduced in version 0.9.2 and worsened in 0.9.6, and it was fixed in version 0.10.0 by rewriting the regex patterns to remove the overlapping quantifiers causing the problem.

Impact Analysis

This vulnerability can cause a denial of service condition by freezing the Open WebUI application instance. When triggered by a malicious or malformed chat message, the inefficient regex processing consumes excessive CPU resources, blocking the asyncio event loop.

In a default single-worker configuration, this results in the entire application becoming unresponsive for all users until the affected worker process is terminated and restarted.

Therefore, an attacker with authenticated access can disrupt service availability, causing downtime and impacting user experience.

Detection Guidance

This vulnerability can be detected by monitoring for unusually high CPU usage or application freezes in the Open WebUI service, especially when processing chat messages containing skill mention tags in the format <$skillId|label>.

Since the issue is triggered by a crafted or malformed chat message containing an incomplete skill mention tag (e.g., containing <$ without a closing >), detection can involve inspecting logs or chat inputs for such patterns.

There are no specific commands provided in the resources, but general approaches include:

  • Use system monitoring tools like top, htop, or ps to detect high CPU usage or blocked processes related to Open WebUI.
  • Inspect application logs for errors or warnings related to regex processing or message parsing.
  • Search chat message logs or inputs for patterns matching incomplete skill mentions, such as strings containing '<$' without a closing '>'.
Mitigation Strategies

The primary mitigation step is to upgrade Open WebUI to version 0.10.0 or later, where the vulnerable regular expressions have been rewritten to eliminate the problematic overlapping quantifiers causing the denial of service.

Until the upgrade can be applied, consider limiting or filtering authenticated user inputs to prevent messages containing incomplete or malformed skill mention tags that could trigger the vulnerability.

Additionally, if possible, configure Open WebUI to use multiple worker processes to reduce the impact of a single worker being blocked.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59220. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart