Scworld
High-Severity Vulnerability in Open WebUI Exposes Users to Account Takeover
First seen 6 Jan 2026, 18:42 UTC
•


•84% similarity
•36.2
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A high-severity security vulnerability, tracked as CVE-2025-64496, has been identified in Open WebUI, affecting versions 0.6.34 and older when the Direct Connections feature is enabled. Discovered by Cato Networks researchers, the flaw allows for account takeover and, under certain conditions, remote code execution on backend servers due to unsafe handling of server-sent events.
ThreatCluster AI