PT-2026-41191
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An authenticated attacker can perform mass assignment via the 'POST /api/v1/evaluations/feedback' endpoint. This is possible because the FeedbackForm uses a configuration that allows extra fields,...