Back to CVE List

CVE-2026-59213

LOW SEVERITY

CVSS Score & Metrics

Base Score
3.5 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Vulnerability Description

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, get_all_models handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of key_builder, causing permission-filtered per-user model lists to share a static cache entry and exposing one user’s model list to another caller during the TTL window. This issue is fixed in version 0.10.0.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-524
Source
NVD
Vendor
open-webui
Product
open-webui

External References

Discussion (0)

Add Comment

No comments yet. Be the first!