Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, _sanitize_proxy_path in backend/open_webui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks and be decoded by the upstream terminal server. This issue is fixed in version 0.10.0.
CVE-2026-59221
This high-severity CVE scores 7.7 under a secondary CVSS source (NVD's own analysis pending). EPSS exploit probability: 0.4%, top 72% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 7.7
- EG Score
- 7.7(medium)
- EPSS
- 28.3%
- KEV
- Not listed
Published
July 9, 2026
Last Modified
July 10, 2026
Advisory Details (4)
Auto-updated Jul 9, 2026open-webui terminal proxy path traversal guard bypass via 9x encoded traversal · Advisory · open-webui/open-webui · GitHub
https://github.com/open-webui/open-webui/security/advisories/GHSA-frvj-c5qp-xj4wv0.10.0
Patch available: open-webui/open-webui v0.10.0
https://github.com/open-webui/open-webui/releases/tag/v0.10.0Fail closed when the proxy/redirect path decode cap is exceeded
Fix merged in open-webui/open-webui PR #26050 on 2026-06-16 — awaiting tagged release
https://github.com/open-webui/open-webui/pull/26050commit 05098d25a58d (open-webui/open-webui)
Fix landed in open-webui/open-webui commit 05098d25a58d — awaiting tagged release
https://github.com/open-webui/open-webui/commit/05098d25a58d03738e01c4e85e8852c3b4ad849cWeakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 16× in last 7d / 16× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-13 23:37 UTCEG score recompute
- 2026-07-13 22:31 UTCEPSS rescore
- 2026-07-13 10:54 UTCEG score recompute
- 2026-07-13 06:13 UTCEPSS rescore
- 2026-07-13 06:13 UTCEPSS rescore
- 2026-07-12 22:12 UTCEG score recompute
- 2026-07-12 09:29 UTCEG score recompute
- 2026-07-12 05:46 UTCEPSS rescore
- 2026-07-11 20:47 UTCEG score recompute
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-11 08:05 UTCEG score recompute
- 2026-07-10 19:23 UTCEG score recompute
- 2026-07-10 06:41 UTCEG score recompute
- 2026-07-09 17:57 UTCEG score recompute
- 2026-07-09 17:56 UTCMITRE cvelistV5first tracked
Related CVEs(same CWE)
Same CWE
10 shownCWE-22 · CWE-918
Frequently asked(5)
What is CVE-2026-59221?
When was CVE-2026-59221 disclosed?
Is CVE-2026-59221 actively exploited?
What is the CVSS score of CVE-2026-59221?
How do I remediate CVE-2026-59221?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2026-59221
Is Your Infrastructure Affected by CVE-2026-59221?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.