CVE-2026-59214
Open WebUI (self-hosted AI platform) before 0.10.0 is affected by a stored web worker XSS via Pyodide. The vulnerability arises when Pyodide runs in a same-origin web worker and stored chat payloads can cause authenticated same-origin requests through pyodide.http.pyfetch or the browser fetch/XML...