Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-59215

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parent_id to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose thread context across channels. This issue is fixed in version 0.10.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 17.1%
CVSS Severity
CVSS v3 Score 3.1
Products affected by CVE-2026-59215


Contact Us

Shodan ® - All rights reserved