CVE-2026-56400 - open-webui - Remote Code Execution via CORS Misconfiguration and Session Validation
CVE ID :CVE-2026-56400 Published : July 15, 2026, 12:18 p.m. | 16 minutes ago Description :open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with allow_origins=* and authenticated requests to the /api/v1/functions endpoint. Attackers...