Vulnerability  ·  2026-07-11

Open WebUI — Redis-Backed Token Revocation Bypass in Socket.IO/Terminal Authentication (CVSS 7.1)

VulnerabilityMedium impactGlobalCVE-2026-59219
From 0.9.0 before 0.10.0, with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and terminal-websocket first-message authentication used decode_token without checking the Redis-backed is_valid_token revocation state, meaning revoked/logged-out tokens remained usable for these code paths.
Token revocation is a core security control for terminating compromised sessions; this flaw means an attacker holding a revoked token (e.g., from a logged-out or force-revoked account) can still authenticate to real-time channels and the embedded terminal, undermining incident response containment for a self-hosted AI platform.
Revoked JWT token still passes decode_token check for Socket.IO/terminal auth because Redis-backed is_valid_token revocation state is not consulted
Open WebUI 0.9.0 to < 0.10.0 (with Redis configured)
Upgrade to Open WebUI ≥0.10.0
GitHub commit
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →