CNNVD-202601-4181 Information
Jan 23, 2026
CNNVD ID
CNNVD-202601-4181
Related CVE
- CNNVD Published: 2026-01-23
Description
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI, released as open source by Open WebUI. Open WebUI contains an operating system command injection vulnerability. The flaw stems from the install_frontmatter_requirements function's lack of validation of user-supplied strings, which may lead to command injection and remote code execution.
Hazard Level
Medium
Vulnerability Type
Operating system command injection
Affected Vendor
Open WebUI
Published
2026-01-23
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-26-031/
Patch
https://github.com/open-webui/open-webui/releases