CVE-2026-59224
Received Received - Intake

Terminal Command Injection in Open WebUI

Vulnerability report for CVE-2026-59224, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: GitHub, Inc.

Description

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/open_webui/routers/terminals.py built the ws_terminal upstream URL from an unencoded session_id and appended user_id as a query parameter, allowing query injection to make the terminal backend resolve another user identity; the HTTP proxy path also forwarded X-User-Id as an integrity-unbound identity claim. This issue is fixed in version 0.10.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
open_webui open_webui to 0.10.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability allows an attacker to impersonate another user's identity and gain unauthorized access to their terminal session. This unauthorized access to user data and sessions can lead to violations of data protection and privacy regulations such as GDPR and HIPAA, which require strict controls over user identity verification and access to sensitive information.

Specifically, the injection flaw in the session_id parameter enables attackers to spoof user identities, potentially exposing personal or sensitive data without proper authorization. Such exposure or unauthorized access conflicts with compliance requirements for confidentiality, integrity, and access control mandated by these standards.

Therefore, until fixed (in version 0.10.0), this vulnerability poses a risk to compliance with common standards and regulations that mandate secure identity management and protection of user data.

Executive Summary

CVE-2026-59224 is a vulnerability in Open WebUI's terminal WebSocket functionality where the session_id parameter was directly inserted into the upstream WebSocket URL without proper encoding or validation.

This allowed attackers to inject special URL characters into the session_id, manipulating query parameters and causing the system to resolve a spoofed user identity.

As a result, an authenticated user could impersonate another user by gaining access to their terminal session.

The issue was fixed by encoding the session_id to neutralize special characters, ensuring only the legitimate user_id query parameter is processed.

Impact Analysis

This vulnerability can allow an attacker to impersonate another user by injecting a spoofed user_id into the terminal WebSocket connection.

Such impersonation grants unauthorized access to another user's terminal session, potentially exposing sensitive data or allowing malicious actions within that session.

Because the terminal proxy forwards user identity without integrity checks, attackers can exploit this to attach to live PTY sessions of other users.

Detection Guidance

This vulnerability can be detected by monitoring WebSocket connections to the Open WebUI terminal backend for suspicious or malformed session_id parameters that include URL metacharacters such as '?' or '&'. These characters may indicate an injection attempt to spoof user identities.

You can inspect HTTP proxy requests or WebSocket upgrade requests that forward the X-User-Id header or contain session_id parameters in the URL path.

  • Use network traffic capture tools like tcpdump or Wireshark to filter WebSocket upgrade requests to the terminal backend.
  • Example tcpdump command to capture WebSocket upgrade requests on port 80 or 443:
  • tcpdump -i any -A 'tcp port 80 or tcp port 443 and (((tcp[((tcp[12:1] & 0xf0) >> 2):4]) = 0x47455420) or ((tcp[((tcp[12:1] & 0xf0) >> 2):4]) = 0x50535420))' | grep -i 'upgrade: websocket'
  • Inspect captured requests for session_id parameters containing suspicious characters.
  • Check server logs for requests to the terminal WebSocket endpoint with unusual session_id values or multiple user_id query parameters.
Mitigation Strategies

The primary mitigation is to upgrade Open WebUI to version 0.10.0 or later, where the vulnerability is fixed by properly encoding the session_id parameter to neutralize special characters.

If upgrading immediately is not possible, consider implementing strict input validation and encoding on the session_id parameter to prevent injection of URL metacharacters.

Additionally, ensure that the HTTP proxy or terminal backend validates and binds the forwarded user identity with integrity checks, such as signed claims, to prevent spoofing.

Monitor and restrict access to the terminal WebSocket endpoint to trusted users only.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59224. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart