PT-2026-56830 · Openwebui · Open-Webui

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-59226

CVSS v3.1

3.1

Low

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, execute automation rehydrated automation owners without rechecking that they were still active or still had features.automations, and check model access only enforced private-model grants for the exact user role, allowing deactivated pending users to continue scheduled model execution. This issue is fixed in version 0.10.0.

Fix

Missing Authorization

Improper Authorization

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59226

Affected Products

Open-Webui