CVE-2026-59218 - Open WebUI: Account enumeration via observable login timing discrepancy

CVE ID :CVE-2026-59218
Published : July 9, 2026, 5:17 p.m. | 52 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than missing-email attempts and allowing unauthenticated account enumeration. This issue is fixed in version 0.10.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

from Latest Vulnerabilities https://ift.tt/tnd15Sq
via IFTTT

Maloy Roy Orko

I am Maloy Roy Orko. An aspiring security researcher. Learning New Fields and Strategies Since 2019. 💻

Post a Comment

Please Select Embedded Mode To Show The Comment System.*

Previous Post Next Post