The vulnerability arises because the Socket.IO `connect` handler snapshots the user’s role into an in‑memory `SESSION_POOL` dictionary at connection time and never refreshes it. The `heartbeat` handler only updates `last_seen_at`, leaving the cached role unchanged indefinitely. Role‑sensitive Yjs collaborative document handlers (`ydoc:document:join`, `document_save_handler`) consult this stale `SESSION_POOL` entry rather than the database. Meanwhile, administrative role changes (via `POST /api/v1/users/{id}/update`) and user deletions (via `delete_user_by_id`) do not invalidate or disconnect affected Socket.IO sessions. Thus, an admin who is demoted (or even deleted) retains full admin privileges on their live WebSocket connection. The attacker can keep the session alive using automatic heartbeats, then join any note document (e.g., `note:<victim_id>`) and read or overwrite its content. HTTP endpoints are safe because they re‑fetch the user from the database, but the real‑time collaborative path is completely compromised.
dailycve form:
Platform: Open WebUI
Version: main (6fdd19bf1)
Vulnerability: Stale session role
Severity: Critical
Date: 2026-05-08
Prediction: 2026-05-15
What Undercode Say:
List active Socket.IO sessions with stale admin roles
grep -F -A5 "SESSION_POOL[sid]" backend/open_webui/socket/main.py
Simulate demotion without session invalidation
curl -X POST /api/v1/users/{B_id}/update -H "Authorization: Bearer $ADMIN_TOKEN" -H "Content-Type: application/json" -d '{"role":"user"}'
Attacker keeps session alive
socket.emit('heartbeat', {})
Exploit stale admin check to join victim's note
socket.emit('ydoc:document:join', {'document_id': 'note:<victim_uuid>'})
Exploit:
Attacker establishes a Socket.IO connection while holding the admin role. After demotion, they continuously send heartbeats to retain the session. They emit `ydoc:document:join` with any victim’s note ID; the cached `role='admin'` bypasses `has_access`. They then emit `ydoc:document:update` to overwrite note content. Even user deletion does not terminate the session.
Protection from this CVE:
Invalidate or disconnect Socket.IO sessions on role change/user deletion – iterate `SESSION_POOL` and call `await socket.disconnect(sid)` for every session belonging to the affected user. Alternatively, store only `user_id` in the session and fetch the role from the database on every protected event. Implement a session version claim in the JWT and check it against a server‑side counter.
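To make the two mitigations concrete, here is an added Python example (not Open WebUI's code) that models the cached-role check beside the hardened per-event database lookup and the session invalidation on role change or deletion; `USERS_DB`, `DISCONNECTED`, `on_connect`, `set_role`, `demo` and the `sid` values are constructed stand-ins.

```python
# Added example, not Open WebUI's code. SESSION_POOL and has_access-style checks
# follow the advisory; USERS_DB, DISCONNECTED and the sids are constructed stand-ins.
from typing import Dict, List, Set

USERS_DB: Dict[str, dict] = {}       # stand-in for the users table
SESSION_POOL: Dict[str, dict] = {}   # sid -> session data, as in the advisory
DISCONNECTED: Set[str] = set()       # sids that were forcibly closed

def db_get_user(user_id: str):
    return USERS_DB.get(user_id)

def on_connect(sid: str, user_id: str) -> None:
    """Vulnerable pattern: the role is snapshotted at connect time."""
    SESSION_POOL[sid] = {"id": user_id, "role": db_get_user(user_id)["role"]}

def vulnerable_can_access(sid: str, owner_id: str) -> bool:
    """Consults the cached role; stays 'admin' after demotion or deletion."""
    s = SESSION_POOL.get(sid)
    return s is not None and (s["role"] == "admin" or s["id"] == owner_id)

def hardened_can_access(sid: str, owner_id: str) -> bool:
    """Fix 2: keep only user_id in the session, re-read the role per event."""
    s = SESSION_POOL.get(sid)
    if s is None:
        return False
    user = db_get_user(s["id"])
    if user is None:          # deleted users lose access immediately
        return False
    return user["role"] == "admin" or s["id"] == owner_id

def invalidate_user_sessions(user_id: str) -> List[str]:
    """Fix 1: on role change or deletion, drop every live session of that user.
    A real server would call `await sio.disconnect(sid)` here."""
    stale = [sid for sid, s in SESSION_POOL.items() if s["id"] == user_id]
    for sid in stale:
        SESSION_POOL.pop(sid, None)
        DISCONNECTED.add(sid)
    return stale

def set_role(user_id: str, role: str) -> List[str]:
    """Role update that invalidates sessions, as the HTTP endpoint should."""
    USERS_DB[user_id]["role"] = role
    return invalidate_user_sessions(user_id)

def demo():
    USERS_DB.clear(); SESSION_POOL.clear(); DISCONNECTED.clear()
    USERS_DB.update({"admin1": {"role": "admin"}, "victim": {"role": "user"}})
    on_connect("sid-A", "admin1")
    USERS_DB["admin1"]["role"] = "user"                  # demotion, no invalidation
    stale = vulnerable_can_access("sid-A", "victim")     # True: cached admin role
    fresh = hardened_can_access("sid-A", "victim")       # False: DB role re-read
    closed = set_role("admin1", "user")                  # ['sid-A'] disconnected
    return stale, fresh, closed
```

The same `hardened_can_access` check also denies a session whose user row has been deleted, which the cached check cannot do.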
Impact:
Full read/write access to any user’s notes after admin demotion or deletion. Attacker can persistently modify arbitrary collaborative documents. Admin revocation becomes ineffective for real‑time features, giving a false sense of security.
Sources:
Reported By: github.com