CVE-2026-54009 | open-webui Open WebUI up to 0.9.5 /api/chat/completions image_url information disclosure

SecurityVulns

A vulnerability classified as problematic has been found in open-webui Open WebUI. Affected by this vulnerability is an unknown functionality of the file /api/chat/completions. The manipulation of the argument image_url leads to information disclosure.

This vulnerability is documented as CVE-2026-54009. The attack can be initiated remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More