CNNVD-202601-4180 Information
Jan 23, 2026
cve
CNNVD ID
CNNVD-202601-4180
Related CVE
- CNNVD Published: 2026-01-23
Description (Chinese)
Open WebUI是Open WebUI开源的一个可扩展、功能丰富、用户友好的自托管 WebUI。 Open WebUI存在代码注入漏洞,该漏洞源于load_tool_module_by_id函数缺乏对用户提供字符串的验证,可能导致代码注入和远程代码执行。
Description (English)
Open WebUI is an extended, functional, user-friendly, open source of Open WebUI WebUI. Open WebUI has a code-injecting loophole, which stems from the lack of a string validation for users that may lead to code injection and remote code execution.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
Open WebUI
Published
2026-01-23
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-26-032/
Patch
https://github.com/open-webui/open-webui/releases
Share on: