CVE-2026-44570

CVE-2026-44570 affects Open WebUI prior to version 0.6.19, where authorization controls around the memories API were inconsistent. A non-admin user could query, view, delete, or attempt to modify another user’s memories via endpoints such as POST /api/v1/memories/query, POST /api/v1/memories/{mem...