Improper Authorization in Open WebUI - #VU136842
Published: July 3, 2026
Open WebUI
Detailed vulnerability description
The vulnerability allows a remote user to continue accessing realtime features with a revoked JWT.
The vulnerability exists due to improper access control in the realtime authentication endpoints: when a new Socket.IO or terminal websocket connection is opened, the JWT is validated without checking whether it has been revoked. A remote user can therefore present an already revoked token when opening such a connection and keep using realtime features after the token has been revoked.
Only deployments with Redis configured are vulnerable. HTTP authentication correctly rejects the revoked token, but the realtime connection paths still accept it. Terminal websocket access is affected only when terminal servers are configured.
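The advisory describes a consistency failure rather than a broken signature check: the HTTP path consults the revocation state, the realtime connection path does not. The following is an added illustration of that bug class and its fix, not Open WebUI's code. The minimal HS256 JWT handling, the demo secret and the in-memory `RevocationStore` (a stand-in for a shared revocation store such as the Redis-backed one the advisory implies) are all constructed for the example; the two `realtime_authenticate_*` functions show the same token accepted by a check that ignores revocation and rejected by one that reuses the HTTP check.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real deployment loads this from configuration.
SECRET = b"constructed-demo-secret-do-not-reuse"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(sub: str, jti: str, secret: bytes = SECRET, ttl: int = 3600, now=None) -> str:
    """Build a minimal HS256 JWT with a subject, a unique id (jti) and an expiry."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"sub": sub, "jti": jti, "exp": now + ttl}, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_signature(token: str, secret: bytes = SECRET, now=None):
    """Return the payload if the signature and expiry are valid, else None.

    Deliberately knows nothing about revocation: that is a separate state check.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        payload = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    now = int(time.time()) if now is None else now
    if not isinstance(payload, dict) or payload.get("exp", 0) <= now:
        return None
    return payload


class RevocationStore:
    """In-memory stand-in for a shared revocation store keyed by jti (constructed)."""

    def __init__(self):
        self._revoked = set()

    def revoke(self, jti: str) -> None:
        self._revoked.add(jti)

    def is_revoked(self, jti) -> bool:
        return jti in self._revoked


def http_authenticate(token: str, store: RevocationStore, secret: bytes = SECRET):
    """HTTP-style check: valid signature AND not revoked. Returns the subject or None."""
    payload = verify_signature(token, secret)
    if payload is None or store.is_revoked(payload.get("jti")):
        return None
    return payload.get("sub")


def realtime_authenticate_vulnerable(token: str, store: RevocationStore, secret: bytes = SECRET):
    """The bug class: a new realtime connection validates the JWT but never asks the store."""
    payload = verify_signature(token, secret)
    return None if payload is None else payload.get("sub")


def realtime_authenticate_fixed(token: str, store: RevocationStore, secret: bytes = SECRET):
    """The fix: the realtime handshake reuses the same check as the HTTP path."""
    return http_authenticate(token, store, secret)


def demo() -> dict:
    """Mint, revoke, then compare the three checks on the same token."""
    store = RevocationStore()
    token = mint_token("alice", "jti-0001")
    before = http_authenticate(token, store)
    store.revoke("jti-0001")
    return {
        "http_before_revoke": before,
        "http_after_revoke": http_authenticate(token, store),
        "realtime_vulnerable_after_revoke": realtime_authenticate_vulnerable(token, store),
        "realtime_fixed_after_revoke": realtime_authenticate_fixed(token, store),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of routing the websocket handshake through `http_authenticate` rather than a second signature-only helper is that every transport then shares one definition of "this token is still good"; a detection-side check for the same class of issue is to revoke a test token and confirm that new Socket.IO and websocket connections are refused, not only HTTP requests.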