Lucene search
K

7 matches found

Cvelist
Cvelist
added yesterday6 views

CVE-2026-59221 open-webui terminal proxy path traversal guard bypass via 9x encoded traversal

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, sanitizeproxypath in backend/openwebui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...

7.7CVSS
Exploits0References4
CVE
CVE
added yesterday10 views

CVE-2026-59224

Open WebUI vulnerability CVE-2026-59224 affects versions prior to 0.10.0. The issue: in backend/open_webui/routers/terminals.py, the ws_terminal upstream URL is built from an unencoded session_id and appends user_id as a query parameter, enabling query injection to make the terminal backend resol...

8CVSS6AI score
Exploits0References4
Cvelist
Cvelist
added yesterday8 views

CVE-2026-59224 Open WebUI: Terminal proxy forwards a spoofable, integrity-unbound user identity to the upstream (X-User-Id header and ws_terminal session_id query injection)

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/openwebui/routers/terminals.py built the wsterminal upstream URL from an unencoded sessionid and appended userid as a query parameter, allowing query injection to make the terminal backe...

8CVSS
Exploits0References4
NVD
NVD
added 2026/06/18 10:16 p.m.15 views

CVE-2026-54017

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...

7.7CVSS0.00349EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:9 p.m.30 views

CVE-2026-54017 Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...

7.7CVSS0.00349EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50589

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The terminal-server reverse proxy in backend/open webui/routers/terminals.py fails to properly confine the user-controlled path segment before forwarding it to an admin-configured terminal server...

7.7CVSS5.9AI score0.00349EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.8 views

Tanium Client 安全漏洞

Tanium Client is a terminal proxy software developed by the American company Tanium. Tanium Client has a security vulnerability, which stems from a denial-of-service vulnerability...

3.3CVSS5.8AI score0.00096EPSS
Exploits0References1
Rows per page
Query Builder