Back to CVE List

CVE-2026-59226

LOW SEVERITY

CVSS Score & Metrics

Base Score
3.1 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Vulnerability Description

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, execute_automation rehydrated automation owners without rechecking that they were still active or still had features.automations, and check_model_access only enforced private-model grants for the exact user role, allowing deactivated pending users to continue scheduled model execution. This issue is fixed in version 0.10.0.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-285
Source
NVD
Vendor
open-webui
Product
open-webui

External References

Discussion (0)

Add Comment

No comments yet. Be the first!