Vulnerability  ·  2026-07-11

Open WebUI — Terminal WebSocket Upstream URL Query Injection via Unencoded session_id (CVSS 8.0)

VulnerabilityHigh impactGlobalCVE-2026-59224
Open WebUI backend/open_webui/routers/terminals.py built the ws_terminal upstream URL from an unencoded session_id and appended user_id as a query parameter, allowing query injection to manipulate the terminal backend connection.
Open WebUI is a widely self-hosted AI chat platform; this flaw in its terminal-proxy feature allows manipulation of backend WebSocket routing, potentially enabling session confusion or unauthorized terminal access in multi-user deployments.
Unencoded session_id used to build upstream terminal WebSocket URL allows query-string injection to redirect or manipulate the backend connection
Open WebUI < 0.10.0
Upgrade to Open WebUI ≥0.10.0
GitHub commit
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →