Lucene search
K

18 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59216

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, geteventcall delivered execute:python and execute:tool Socket.IO events to a client-supplied sessionid after checking only that the session was connected, allowing authenticated users who learne...

7.7CVSS6AI score0.00276EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42623

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with alwaysconnect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requirin...

3.1CVSS5.9AI score0.00222EPSS
Exploits1References4
CVE
CVE
added 5 days ago8 views

CVE-2026-59715

Affected software: Open WebUI self-hosted AI platform. Vulnerability: Unauthenticated access to collaborative-document Socket.IO handlers (ydoc:awareness:update, ydoc:document:leave) that accepted events without authenticated user, enabling unauthorized manipulation of document collaboration stat...

6.5CVSS5.9AI score0.00222EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/06/27 12:0 a.m.3 views

OPENSUSE-SU-2026:11137-1 python311-jupyter-ydoc-3.5.0-1.1 on GA media

These are all security issues fixed in the python311-jupyter-ydoc-3.5.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00782EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-54022

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs b...

5.3CVSS0.00268EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/06/17 6:5 p.m.15 views

Open WebUI: Any authenticated user can read other users' private notes via Socket.IO

Summary The ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs by replacing colons with underscores documentid.replace":", "". An attacker can join a document room using no...

5.3CVSS5.8AI score0.00268EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50593

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An authorization bypass exists in the ydoc:document:join Socket.IO handler. The handler only performs ownership checks when the document id variable starts with the prefix note: colon. However, t...

5.3CVSS5.9AI score0.00268EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-44564

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS5.5AI score0.0022EPSS
Exploits1References1
NVD
NVD
added 2026/05/15 8:16 p.m.16 views

CVE-2026-44564

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS0.0022EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 7:26 p.m.26 views

CVE-2026-44564

Open WebUI (self-hosted offline AI platform) contains a vulnerability in the ydoc:document:update Socket.IO handler that allows read-only users to modify in-memory Yjs documents. The handler validates room membership but does not verify write permission, and read-only users join the document room...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/15 7:26 p.m.14 views

EUVD-2026-30616

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 7:26 p.m.3 views

CVE-2026-44564 Open WebUI: Read-Only Users Can Modify Collaborative Documents via Socket.IO

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS6AI score0.0022EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the open-source Open WebUI framework. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the ydoc:document:update Socket.IO event handler, which checke...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References1
OSV
OSV
added 2026/05/08 8:0 p.m.13 views

GHSA-VRFH-RJ4Q-RMHR Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO

Read-Only Users Can Modify Collaborative Documents via Socket.IO Affected Component Socket.IO collaborative document editing handler: - backend/openwebui/socket/main.py lines 667-721, ydoc:document:update handler Affected Versions Current main branch and likely all versions with collaborative not...

5.4CVSS5.5AI score0.0022EPSS
Exploits1References3
OSV
OSV
added 2026/03/25 12:0 a.m.4 views

OPENSUSE-SU-2026:10428-1 python311-jupyter-ydoc-3.4.0-2.1 on GA media

These are all security issues fixed in the python311-jupyter-ydoc-3.4.0-2.1 package on the GA media of openSUSE Tumbleweed...

9.2CVSS5.9AI score0.00481EPSS
Exploits0References1
OSV
OSV
added 2025/07/03 12:0 a.m.5 views

OPENSUSE-SU-2025:15273-1 python311-jupyter-ydoc-3.1.0-1.1 on GA media

These are all security issues fixed in the python311-jupyter-ydoc-3.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

3.1CVSS6.5AI score0.00459EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2024/12/07 12:0 a.m.3 views

python310-jupyter-ydoc-3.0.0-2.1 on GA media (moderate)

python310-jupyter-ydoc-3.0.0-2.1 on GA media Announcement ID: openSUSE-SU-2024:14559-1 Rating: moderate Cross-References: CVE-2024-21538 CVSS scores: CVE-2024-21538 SUSE : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2024-21538 SUSE : 5.6...

5.6CVSS7.8AI score0.00873EPSS
Exploits0
OSV
OSV
added 2024/12/06 12:0 a.m.4 views

OPENSUSE-SU-2024:14559-1 python310-jupyter-ydoc-3.0.0-2.1 on GA media

These are all security issues fixed in the python310-jupyter-ydoc-3.0.0-2.1 package on the GA media of openSUSE Tumbleweed...

8.7CVSS7.7AI score0.00873EPSS
Exploits0References2
Rows per page
Query Builder