PT-2026-56884 · Openwebui · Open-Webui
Publicado
2026-07-09
·
Atualizado
2026-07-09
·
CVE-2026-59219
CVSS v3.1
7.1
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode token without the Redis-backed is valid token revocation check, allowing revoked JWTs to continue authenticating realtime connections. This issue is fixed in version 0.10.0.
Correção
Insufficient Session Expiration
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Open-Webui