High-Severity Vulnerability in Open WebUI Exposes Users to Account Takeover

High-Severity Vulnerability in Open WebUI Exposes Users to Account Takeover

First seen 6 Jan 2026, 18:42 UTC CsoonlineInfosecurity-MagazineWebpronewsScworld 84% similarity 36.2

Article Content

Browse articles
ThreatCluster

A high-severity security vulnerability, tracked as CVE-2025-64496, has been identified in Open WebUI, affecting versions 0.6.34 and older when the Direct Connections feature is enabled. Discovered by Cato Networks researchers, the flaw allows for account takeover and, under certain conditions, remote code execution on backend servers due to unsafe handling of server-sent events.

ThreatCluster AI

Community

Browse all →