Impact
The vulnerability resides in Open WebUI's session management. When an administrator's role is revoked, the application fails to purge the user's existing Socket.IO session from the session pool. As a result, the demoted user retains administrative privileges over the connection that remains open, regardless of the updated role. This persistent access lets the attacker read or manipulate other users' notes, an unintended privilege escalation that compromises confidentiality. The weakness originates from improper session invalidation after a role change, identified as CWE-613.
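The pattern described above, as an added illustrative model that is not Open WebUI's code: a session pool that caches the role at connect time, the demotion path that only updates the user store (leaving stale admin sessions live), and the two-part mitigation of purging the demoted user's sessions and re-checking the current role on every privileged event. The `SessionPool` class, the user names and the session ids are constructed for the example.

```python
# Illustrative model (not Open WebUI's code) of the stale-session pattern.
from dataclasses import dataclass, field


@dataclass
class SessionPool:
    users: dict  # user_id -> current role (the user store)
    sessions: dict = field(default_factory=dict)  # sid -> session record

    def connect(self, sid: str, user_id: str) -> None:
        # Role snapshot taken once at handshake, as a cached-role design does.
        self.sessions[sid] = {"user_id": user_id, "role": self.users[user_id]}

    def revoke_admin_vulnerable(self, user_id: str) -> None:
        # Only the user store changes; open sessions keep the stale role.
        self.users[user_id] = "user"

    def revoke_admin_fixed(self, user_id: str) -> list:
        # Update the store AND purge every session the user holds, so the
        # client must reconnect and re-authenticate with the new role.
        self.users[user_id] = "user"
        stale = [sid for sid, s in self.sessions.items() if s["user_id"] == user_id]
        for sid in stale:
            del self.sessions[sid]
        return stale

    def can_read_all_notes_cached(self, sid: str) -> bool:
        # Vulnerable authorization: trusts the role captured at connect time.
        s = self.sessions.get(sid)
        return s is not None and s["role"] == "admin"

    def can_read_all_notes_live(self, sid: str) -> bool:
        # Hardened authorization: re-reads the current role on every event,
        # so even a session that survives a role change is denied.
        s = self.sessions.get(sid)
        return s is not None and self.users[s["user_id"]] == "admin"


def demo() -> dict:
    # Constructed scenario: alice is an admin with an open session, then demoted.
    vuln = SessionPool(users={"alice": "admin", "bob": "user"})
    vuln.connect("sid-1", "alice")
    vuln.revoke_admin_vulnerable("alice")
    fixed = SessionPool(users={"alice": "admin", "bob": "user"})
    fixed.connect("sid-1", "alice")
    fixed.revoke_admin_fixed("alice")
    return {
        "stale_session_still_admin": vuln.can_read_all_notes_cached("sid-1"),
        "live_check_denies_stale": vuln.can_read_all_notes_live("sid-1"),
        "purged_session_denied": not fixed.can_read_all_notes_cached("sid-1"),
    }
```

Both halves of the fix matter: the purge closes the window immediately, and the per-event role check means any session that slips past the purge (a second device, a reconnect race) is still denied.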
Affected Systems
The issue affects the open-webui platform in all self-hosted deployments running a version earlier than 0.9.0. Deployments in which an administrator has been demoted remain exposed until the application is upgraded or the affected sessions are reset.
Risk and Exploitability
The flaw carries a CVSS score of 8.1, indicating high severity. No EPSS score is published, and no exploit reports appear in the KEV catalog. Exploitation requires the attacker to hold an active Socket.IO connection, which can be established through normal use of the web interface, and to have previously had their administrator role revoked. As long as that session remains active, the attacker retains unrestricted read access to the system's note data. The attack vector is therefore web-based, and the risk persists until the affected software is patched or sessions are reset.
OpenCVE Enrichment
GitHub GHSA