Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-59212

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, _verify_knowledge_file_access only checked read access while file write and delete routes later trusted object-derived access through writable model meta.knowledge entries, allowing a user with read-only knowledge file access to upgrade to file write or delete operations. This issue is fixed in version 0.10.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 22.6%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2026-59212


Contact Us

Shodan ® - All rights reserved