2 matches found
CVE-2026-54006 Open WebUI: Calendar event re-parenting allows writing events into another user's calendar
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/eventid/update validates that the caller has write access to the calendar the event currently belongs to, but does not validate the destination calendar...
CVE-2026-54006
creationtimestamp| type| source ---|---|--- 2026-06-11 18:55:57+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-f3g7-59qc-pqg6...