PT-2026-56832 · Openwebui · Open-Webui
Publicado
2026-07-09
·
Atualizado
2026-07-09
·
CVE-2026-59715
CVSS v3.1
3.1
Baixa
| Vetor | AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with always connect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requiring an authenticated user, allowing unauthorized manipulation of document collaboration state. This issue is fixed in version 0.10.0.
Correção
Missing Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Open-Webui