PT-2026-39274
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The validate collection access function employs an incomplete allowlist that only verifies ownership for collections starting with user-memory- and file-. Other collection names, such as the...