Lucene search

20 matches found

Vulnrichment · added 2026/05/15 7:54 p.m. · 4 views

CVE-2026-44553 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

CVSS 8.1 · AI score 5.8 · EPSS 0.00033 · Exploits: 1 · References: 1
Cvelist · added 2026/05/15 7:54 p.m. · 29 views

CVE-2026-44553 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

CVSS 8.1 · EPSS 0.00033 · Exploits: 1 · References: 1
CVE · added 2026/05/15 7:54 p.m. · 7 views

CVE-2026-44553

Open WebUI (self-hosted offline AI) has a Socket.IO session cache vulnerability where admin role changes or user deletions are not propagated to active sessions. Prior to version 0.9.0, a user whose admin role was revoked can retain admin privileges within their existing Socket.IO session as long...

CVSS 8.1 · AI score 5.8 · EPSS 0.00033 · Exploits: 1 · References: 1 · Affected Software: 1
Snyk · added 2026/05/08 7:43 p.m. · 3 views

Incorrect Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Incorrect Authorization in the SESSIONPOOL process. An attacker can maintain unauthorized access to other users' notes and modify their content by keeping an active Socket.IO session after their administrativ...

CVSS 8.6 · AI score 5.8 · EPSS 0.00033 · Exploits: 1 · References: 3
Positive Technologies · added 2026/05/08 12:00 a.m. · 6 views

PT-2026-39270

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0. Description: Administrative role changes and user deletions do not invalidate the SESSION POOL in-memory dictionary. When a user connects via Socket.IO, their role is snapshotted into this pool. Because the...

CVSS 8.1 · AI score 5.8 · EPSS 0.00033 · Exploits: 1 · References: 6
Tenable Nessus · added 2025/08/20 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability: CVE-2025-46336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, a...

CVSS 4.2 · AI score 5.1 · EPSS 0.00115 · Exploits: 0 · References: 3
Tenable Nessus · added 2025/08/20 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability: CVE-2025-32441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a...

CVSS 4.2 · AI score 6.1 · EPSS 0.00096 · Exploits: 0 · References: 2
SUSE Linux · added 2025/06/03 9:17 a.m. · 0 views

Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser bsc1242894. CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middleware is...

CVSS 8.7 · AI score 7.6 · EPSS 0.00808 · Exploits: 0 · References: 8
OSV · added 2025/06/03 9:17 a.m. · 1 view

SUSE-SU-2025:01586-2 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser bsc1242894. - CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middlewar...

CVSS 7.5 · AI score 7.1 · EPSS 0.00808 · Exploits: 0 · References: 5
SUSE Linux · added 2025/05/19 5:23 p.m. · 1 view

Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser bsc1242894. CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middleware is...

CVSS 8.7 · AI score 6.6 · EPSS 0.00808 · Exploits: 0 · References: 8
SUSE CVE · added 2025/05/10 2:52 a.m. · 0 views

SUSE CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a lo...

CVSS 4.2 · AI score 6.8 · EPSS 0.00115 · Exploits: 0 · References: 3
SUSE CVE · added 2025/05/09 3:23 a.m. · 2 views

SUSE CVE-2025-32441

Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...

CVSS 4.2 · AI score 6.8 · EPSS 0.00096 · Exploits: 0 · References: 9
OSV · added 2025/05/08 8:15 p.m. · 1 view

DEBIAN-CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a lo...

CVSS 4.2 · AI score 4.8 · EPSS 0.00115 · Exploits: 0 · References: 1
OSV · added 2025/05/08 12:00 a.m. · 0 views

UBUNTU-CVE-2025-32441

Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...

CVSS 4.2 · AI score 5.8 · EPSS 0.00096 · Exploits: 0 · References: 6
Snyk · added 2025/05/07 11:43 p.m. · 1 view

Race Condition

Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a singl...

CVSS 4.2 · AI score 7.5 · EPSS 0.00115 · Exploits: 0 · References: 3
Snyk · added 2025/05/07 11:43 p.m. · 2 views

Race Condition

Overview: rack-session is a session implementation for Rack. Affected versions of this package are vulnerable to Race Condition in Rack::Session::Pool middleware, which allows an attacker to restore and use a deleted session. The attacker must be in possession of a valid session cookie and the...

CVSS 4.2 · AI score 6.8 · EPSS 0.00115 · Exploits: 0 · References: 2
OSV · added 2025/05/07 11:15 p.m. · 1 view

DEBIAN-CVE-2025-32441

Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...

CVSS 4.2 · AI score 4.9 · EPSS 0.00096 · Exploits: 0 · References: 1
Positive Technologies · added 2025/05/07 12:00 a.m. · 3 views

PT-2025-20314 · Rack +5

Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.14. Description: The issue affects Rack, a modular Ruby web server interface, when using the Rack::Session::Pool middleware. Simultaneous rack requests can restore a deleted rack session, allowing an unauthenticated...

CVSS 7.5 · AI score 5 · EPSS 0.00808 · Exploits: 0 · References: 59
exploitpack · added 2015/09/22 12:00 a.m. · 16 views

Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)

Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073). Source: https://code.google.com/p/google-security-research/issues/detail?id=339 The attached PoC demonstrates a use-after-free condition that occurs when operating on a DeferWindowPos object from multiple threads. The DeferWindowPos...

AI score 7.4 · Exploits: 0
Exploit DB · added 2015/09/22 12:00 a.m. · 40 views

Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073)

Source: https://code.google.com/p/google-security-research/issues/detail?id=339 The attached PoC demonstrates a use-after-free condition that occurs when operating on a DeferWindowPos object from multiple threads. The DeferWindowPos call will trigger and block on the execution of a window procedur...

AI score 7.4 · Exploits: 0