PT-2026-56884 · Openwebui · Open-Webui

Publicado

2026-07-09

·

Atualizado

2026-07-09

·

CVE-2026-59219

CVSS v3.1

7.1

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode token without the Redis-backed is valid token revocation check, allowing revoked JWTs to continue authenticating realtime connections. This issue is fixed in version 0.10.0.

Correção

Insufficient Session Expiration

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-59219

Produtos afetados

Open-Webui