CVE-2026-59225
Open WebUI vulnerability CVE-2026-59225 affects versions 0.8.12 up to before 0.10.0. An authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model via task endpoints like /api/v1/tasks/moa/completions. The normal chat flow re-checks submodel ac...