Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-59216

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, get_event_call delivered execute:python and execute:tool Socket.IO events to a client-supplied session_id after checking only that the session was connected, allowing authenticated users who learned another socket ID through ydoc:document:join to run code interpreter Python or tools in that user session. This issue is fixed in version 0.10.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 19.5%
CVSS Severity
CVSS v3 Score 7.7
Products affected by CVE-2026-59216


Contact Us

Shodan ® - All rights reserved