2 matches found
CVE-2026-59213
Open WebUI (self-hosted AI platform) versions 0.6.27–0.10.0 contain a flaw where get_all_models handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of using key_builder. This caused permission-filtered per-user model lists to share a static cache entry, exp...
EUVD-2026-42629
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...