CVE-2026-59221
Received Received - Intake

Path Traversal in Open WebUI

Vulnerability report for CVE-2026-59221, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: GitHub, Inc.

Description

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, _sanitize_proxy_path in backend/open_webui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks and be decoded by the upstream terminal server. This issue is fixed in version 0.10.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
open_webui open_webui From 0.9.6 (inc) to 0.10.0 (exc)
open_webui open_webui to 0.10.0 (exc)
open_webui open_webui 0.10.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-59221 is a path traversal vulnerability in Open WebUI versions from 0.9.6 before 0.10.0. The vulnerability arises because the function responsible for sanitizing proxy paths, `_sanitize_proxy_path`, only decodes percent-encoded paths up to eight times. If a path is encoded nine times or more, it bypasses normalization checks and is forwarded to the upstream terminal server still partially encoded.

This allows an attacker with access to an admin-configured terminal connection to send requests to unintended paths outside the allowed proxy path by using a specially crafted path with excessive percent-encoding. The upstream server then decodes this path fully, enabling directory traversal such as accessing `/base/../admin/system`.

The root cause is an incomplete fix from a previous vulnerability where the decoding loop had a fixed cap rather than decoding until the path was stable. This flaw allows bypassing the path traversal guard without requiring malicious terminal servers or administrative changes.

Impact Analysis

This vulnerability can allow an attacker with access to an existing terminal connection to bypass proxy path traversal protections and access restricted or unintended filesystem paths on the server.

  • Unauthorized access to sensitive or restricted directories and files.
  • Potential Server-Side Request Forgery (SSRF) by manipulating forwarded requests.
  • Compromise of confidentiality due to exposure of sensitive data.

The vulnerability has a high severity rating with a CVSS score of 7.7, indicating it is exploitable over the network with low complexity and no user interaction, but can lead to significant confidentiality impact.

Detection Guidance

This vulnerability involves a path traversal attack using 9-times percent-encoded sequences that bypass the sanitization checks in Open WebUI versions >= 0.9.6 and < 0.10.0. Detection involves monitoring terminal proxy path requests for suspiciously encoded traversal sequences such as repeated %2E%2E%2F patterns.

You can detect attempts by inspecting logs or network traffic for proxy paths containing multiple layers of percent-encoding, especially those that decode to '../' sequences after multiple decoding passes.

Suggested commands include using tools like grep or tcpdump to filter for suspicious encoded paths:

  • grep -iE '%2E%2E%2F|%252E%252E%252F' /path/to/openwebui/logs/*
  • tcpdump -A -s 0 'tcp port 80 or tcp port 443' | grep -i '%2E%2E%2F'

Additionally, monitoring terminal proxy requests for unusual path traversal patterns or unexpected upstream path accesses can help identify exploitation attempts.

Mitigation Strategies

The primary mitigation is to upgrade Open WebUI to version 0.10.0 or later, where the vulnerability is fixed by rejecting paths that remain percent-encoded after decoding attempts.

If upgrading immediately is not possible, restrict access to the terminal proxy connections to trusted users only, as exploitation requires access to an existing terminal connection.

Implement network-level controls to monitor and block requests containing suspiciously encoded traversal sequences.

Review and apply any available patches or configuration changes that enforce stricter input validation and decoding limits as recommended in the security advisory.

Compliance Impact

CVE-2026-59221 is a high severity path traversal vulnerability that allows attackers with access to an admin-configured terminal connection to bypass proxy path traversal guards and access unauthorized or restricted paths. This unauthorized access can lead to exposure of sensitive data or system components.

Such unauthorized access and potential data exposure could negatively impact compliance with common standards and regulations like GDPR or HIPAA, which require strict controls on access to sensitive personal or health information and mandate protection against unauthorized data disclosure.

The vulnerability enables confidentiality impact without requiring user interaction, increasing the risk of data breaches that could violate these regulatory requirements.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59221. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart