Vulnerability in Open-webui
CVE-2026-54007
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit messages, so an external site can set prompt…
Affected products
- Open-webui — versions < 0.9.6
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)