InfoWorld

Open WebUI bug turns the ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote code execution on enterprise AI backends. Security researchers have ...
Infosecurity-magazine.com

High-Severity Flaw in Open WebUI Affects AI Connections

A high-severity security vulnerability affecting Open WebUI has been uncovered, potentially exposing users to account takeover (ATO) and, in some cases, full server compromise. The flaw, tracked as ...