CVE-2026-59220
Gravedad CVSS v3.1:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
09/07/2026
Última modificación:
09/07/2026
Descripción
*** Pendiente de traducción *** Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILL_MENTION_RE and strip_re regular expressions in backend/open_webui/utils/middleware.py parsed skill mentions with overlapping quantifiers, allowing an authenticated chat message containing to trigger quadratic backtracking and block the asyncio event loop. This issue is fixed in version 0.10.0.
Impacto
Puntuación base 3.x
6.50
Gravedad 3.x
MEDIA
Referencias a soluciones, herramientas e información
- https://github.com/open-webui/open-webui/commit/61a26722155ec6ee1b629cf8dfcf975098c18331
- https://github.com/open-webui/open-webui/releases/tag/v0.10.0
- https://github.com/open-webui/open-webui/security/advisories/GHSA-ffpj-xv5c-p3gw
- https://github.com/open-webui/open-webui/security/advisories/GHSA-ffpj-xv5c-p3gw



