CVE-2026-59224 - Open WebUI: Terminal proxy forwards a spoofable, integrity-unbound user identity to the upstream (X-User-Id header and ws_terminal session_id query injection)
CVE ID :CVE-2026-59224 Published : July 9, 2026, 5:17 p.m. | 1 hour, 15 minutes ago Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/open_webui/routers/terminals.py built the ws_terminal upstream URL from an unencoded...