9 matches found
CVE-2026-0765
Open WebUI PIP installfrontmatterrequirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...
Command Injection
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Command Injection via the installfrontmatterrequirements function. An attacker can execute arbitrary code in the context of the service account by supplying crafted input that is not properly validated before...
CVE-2026-0765
Open WebUI PIP installfrontmatterrequirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...
CVE-2026-0765
Open WebUI PIP installfrontmatterrequirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...
CVE-2026-0765 Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability
Open WebUI PIP installfrontmatterrequirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...
CVE-2026-0765 Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability
Open WebUI PIP installfrontmatterrequirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...
CVE-2026-0765
CVE-2026-0765 affects Open WebUI via the Python package Open WebUI/PIP install_frontmatter_requirements, where lack of validation of a user-supplied string before a system call enables a remote code execution in the service account context. Attacker authentication is required to exploit. Multiple...
Open WebUI: Operating System Command Injection Vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Open WebUI has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for the strings provided by users in the...
(0Day) Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the installfrontmatterrequirements function.The issue results from the lack of proper validation ...