PT-2026-56832 · Openwebui · Open-Webui

Publicado

2026-07-09

·

Atualizado

2026-07-09

·

CVE-2026-59715

CVSS v3.1

3.1

Baixa

VetorAV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with always connect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requiring an authenticated user, allowing unauthorized manipulation of document collaboration state. This issue is fixed in version 0.10.0.

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-59715

Produtos afetados

Open-Webui