Serious vulnerability in Open WebUI (0.7.2) leads to 1-click RCE. PoC released by researcher after his report was ignored. Is one click enough to compromise everything?
A critical vulnerability in Open WebUI version 0.7.2 allows for a one-click Remote Code Execution (RCE). Security researcher Metin Yunus Kandemir discovered a Stored XSS vulnerability that enables attackers to gain full control of the platform with minimal user interaction. Kandemir released a Proof of Concept (PoC) after his initial report was reportedly ignored. AI
IMPACT This vulnerability in Open WebUI could expose AI environments to cyber threats, potentially leading to data breaches or system compromise.