Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-59223

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEB_FETCH_FILTER_LIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL path and sibling-domain matches that did not reflect the intended hostname policy. This issue is fixed in version 0.10.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 12.9%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-59223


Contact Us

Shodan ® - All rights reserved