{"id":"CVE-2026-59715","summary":"Open WebUI: Unauthenticated WebSocket Access to Collaborative Document Handlers (ydoc:awareness:update, ydoc:document:leave)","details":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with always_connect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requiring an authenticated user, allowing unauthorized manipulation of document collaboration state. This issue is fixed in version 0.10.0.","aliases":["GHSA-gmfw-g93r-vg53"],"modified":"2026-07-15T01:49:10.291812012Z","published":"2026-07-09T16:16:02.977Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/59xxx/CVE-2026-59715.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-306"]},"references":[{"type":"WEB","url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/59xxx/CVE-2026-59715.json"},{"type":"ADVISORY","url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-gmfw-g93r-vg53"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-59715"},{"type":"FIX","url":"https://github.com/open-webui/open-webui/commit/22f2fe1ffb66c993dad1e0b2b35514acaed2370e"},{"type":"FIX","url":"https://github.com/open-webui/open-webui/pull/25946"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open-webui/open-webui","events":[{"introduced":"f966935d1da56a1f9f8691c1f62d68eecc0438fa"},{"fixed":"4d2e13cf2bcc451b33bb6374bea4d2163e6cc94c"},{"fixed":"22f2fe1ffb66c993dad1e0b2b35514acaed2370e"}],"database_specific":{"extracted_events":[{"introduced":"0.6.16"},{"fixed":"0.10.0"}],"source":["CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*"}}],"versions":["v0.9.5","v0.9.4","v0.9.3","v0.9.2","v0.9.1","v0.9.0","v0.8.12","v0.8.11","v0.8.10","v0.8.9","v0.8.8","v0.8.7","v0.8.6","v0.8.5","v0.8.4","v0.8.3","v0.8.2","v0.8.1","v0.8.0","v0.7.2","v0.7.1","v0.7.0","v0.6.43","v0.6.42","v0.6.41","v0.6.40","v0.6.39","v0.6.38","v0.6.37","v0.6.36","v0.6.34","v0.6.35","v0.6.33","v0.6.32","v0.6.31","v0.6.30","v0.6.29","v0.6.28","v0.6.27","v0.6.26","v0.6.25","v0.6.24","v0.6.23","v0.6.22","v0.6.21","v0.6.20","v0.6.19","v0.6.18","v0.6.17","v0.6.16"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-59715.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}