CVE-2026-56400 | open-webui up to 0.3.13 Cross-Origin Resource Sharing /api/v1/functions allow_origins cross-domain policy
A vulnerability labeled as problematic has been found in open-webui up to 0.3.13. Affected by this vulnerability is an unknown functionality of the file /api/v1/functions of the component Cross-Origin Resource Sharing Handler. Such manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains.
This vulnerability is traded as CVE-2026-56400. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More