A critical vulnerability in Open WebUI version 0.7.2 allows one-click Remote Code Execution (RCE) through a Stored XSS flaw. Security researcher Metin Yunus Kandemir disclosed a Proof of Concept (PoC) after their initial report was allegedly ignored. The vulnerability could grant attackers full control over an AI environment with minimal user interaction.
Summary written by gemini-2.5-flash-lite from 1 source.
IMPACT This vulnerability could compromise AI environments, leading to data breaches and system control by malicious actors.
RANK_REASON Disclosure of a security vulnerability in a specific software product.