PT-2026-39279

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The 'POST /api/v1/models/import' endpoint allows users with the workspace.models import permission to overwrite any existing model in the database, regardless of ownership. When an imported model'...