Open WebUI: Any authenticated user can read other users' private notes via Socket.IO
15 CRIT · 1 INFO · THREAT RED · 16 items · Generated in 333s
Unauthorized access to private notes via Socket.IO
Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter
Authenticated low-privilege user can read private RAG / knowledge-base content they do not have access to
Application bypasses URL validation by following HTTP redirects
Unrestricted path traversal allows attackers to reach unintended endpoints and files on the terminal-server host
Unauthorized access to private knowledge base files
Unauthenticated users can read or delete another user’s private prompt history
Authenticated users can read files from sibling directories outside the intended cache directory
Authenticated users can take over accounts by storing SVG XSS payloads in model profile images
Allows cross-user file read and deletion
Stored XSS vulnerability in Mermaid Markdown preview allows JavaScript execution in the victim’s browser under the Open WebUI origin.
Allows cross-user file read and deletion
Allows cross-user file disclosure via API
Vulnerable code allows redirect-bypass SSRF in OAuth _process_picture_url
Allows cross-site forced actions and model/tool execution under victim privileges without consent
Claude Fable is using Python to iterate through all available windows on the machine, potentially accessing sensitive information
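Two of the findings above (URL validation bypassed by following HTTP redirects, and the redirect-bypass SSRF in the OAuth picture-URL handling) share one root cause: the URL is checked once, then the HTTP client follows redirects on its own. The example below is added here and is not Open WebUI's code. It shows the vulnerable shape beside a hardened fetcher that revalidates every redirect hop. `fetch_once` and `resolve` are hypothetical injected callables (one request with redirects disabled; a DNS lookup), and the hosts, paths and responses are constructed so the block runs offline.

```python
"""Added example, not Open WebUI's code: revalidate every redirect hop.

Assumptions (hypothetical): `fetch_once(url)` issues ONE request with redirect
following disabled and returns (status, headers, body); `resolve(host)` returns
the IP address the host maps to. Both are injected so the example runs offline.
"""
import ipaddress
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5


class UnsafeURL(ValueError):
    """Raised when a URL (initial or redirect target) fails validation."""


def validate_url(url: str, resolve) -> str:
    """Reject disallowed schemes, embedded credentials, and hosts that map to
    non-public addresses (loopback, RFC 1918, link-local such as 169.254.169.254)."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials in URL")
    host = parts.hostname
    if not host:
        raise UnsafeURL("missing host")
    try:
        addr = ipaddress.ip_address(resolve(host))
    except ValueError as exc:
        raise UnsafeURL(f"cannot resolve {host!r}") from exc
    if not addr.is_global:
        raise UnsafeURL(f"{host!r} maps to non-public address {addr}")
    return url


def fetch_naive(url, fetch_once, resolve):
    """The vulnerable pattern: validate the first URL only, then follow
    redirects blindly. An open redirect on an allowed host reaches anything."""
    validate_url(url, resolve)
    current = url
    for _ in range(MAX_REDIRECTS + 1):
        status, headers, body = fetch_once(current)
        if status in REDIRECT_CODES and headers.get("Location"):
            current = urljoin(current, headers["Location"])
            continue
        return status, body
    raise UnsafeURL("too many redirects")


def fetch_validated(url, fetch_once, resolve):
    """Hardened pattern: follow redirects manually and run validate_url on each
    Location before requesting it. Returns (status, body, hops)."""
    hops = [validate_url(url, resolve)]
    for _ in range(MAX_REDIRECTS + 1):
        status, headers, body = fetch_once(hops[-1])
        if status in REDIRECT_CODES:
            location = headers.get("Location")
            if not location:
                raise UnsafeURL("redirect without Location")
            # Relative Location headers resolve against the current hop.
            hops.append(validate_url(urljoin(hops[-1], location), resolve))
            continue
        return status, body, hops
    raise UnsafeURL("too many redirects")


# Constructed, offline stand-ins for DNS and HTTP (hypothetical hosts and paths).
FAKE_DNS = {"cdn.example.com": "93.184.216.34"}
FAKE_HTTP = {
    "https://cdn.example.com/avatar.png": (200, {}, b"PNG..."),
    "https://cdn.example.com/open-redirect": (
        302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://169.254.169.254/latest/meta-data/": (200, {}, b"INSTANCE-METADATA"),
}


def fake_resolve(host):
    return FAKE_DNS.get(host, host)  # literal IPs pass through unchanged


def fake_fetch_once(url):
    return FAKE_HTTP[url]


def is_rejected(url, resolve=fake_resolve) -> bool:
    """True if validate_url refuses the URL (used by the demo and tests)."""
    try:
        validate_url(url, resolve)
    except UnsafeURL:
        return True
    return False


def safe_fetch_body(url):
    """Body returned by fetch_validated, or 'BLOCKED' if any hop was refused."""
    try:
        return fetch_validated(url, fake_fetch_once, fake_resolve)[1]
    except UnsafeURL:
        return "BLOCKED"


if __name__ == "__main__":
    print(fetch_naive("https://cdn.example.com/open-redirect", fake_fetch_once, fake_resolve))
    print(safe_fetch_body("https://cdn.example.com/open-redirect"))
```

One caveat a reviewer would raise even on the hardened version: resolving the host and then letting the HTTP client resolve it again is a DNS-rebinding window. In production, connect to the address you validated (or validate inside the client's connection hook) rather than to the hostname.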
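Two further findings above (unrestricted path traversal on the terminal-server host, and reads from sibling directories outside the intended cache directory) are the same bug class: a user-supplied name is joined to a base directory without checking that the result still lies inside it. The example below is added here and is not Open WebUI's code. It resolves the candidate path (following symlinks) and rejects anything that lands outside the base, then exercises the check against a constructed directory layout in a temporary directory; the `cache`/`uploads` names are hypothetical.

```python
"""Added example, not Open WebUI's code: confine file access to a base directory."""
import tempfile
from pathlib import Path


class PathEscape(ValueError):
    """Raised when a user-supplied path resolves outside the allowed base."""


def resolve_under(base: Path, user_path: str) -> Path:
    """Return the real path of base/user_path, raising PathEscape if it escapes.

    resolve() collapses '..' and follows symlinks, so both '../x' and a symlink
    inside base that points elsewhere are caught. An absolute user_path replaces
    base entirely under pathlib's '/' operator, which the containment check also
    rejects. strict=False lets not-yet-existing targets (uploads) through.
    """
    base_real = base.resolve()
    candidate = (base_real / user_path).resolve()
    if candidate == base_real:
        raise PathEscape("path names the base directory itself")
    try:
        candidate.relative_to(base_real)
    except ValueError as exc:
        raise PathEscape(f"{user_path!r} escapes {base_real}") from exc
    return candidate


def demo() -> dict:
    """Build a constructed layout (hypothetical names) and exercise the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        cache, sibling = root / "cache", root / "uploads"
        cache.mkdir()
        sibling.mkdir()
        (cache / "a.txt").write_text("ok")
        (sibling / "s.txt").write_text("secret")
        try:
            (cache / "link").symlink_to(sibling)  # symlink escaping the base
            have_symlink = True
        except OSError:  # platforms without symlink support
            have_symlink = False

        results = {"plain": resolve_under(cache, "a.txt").read_text()}
        attempts = {
            "dotdot": "../uploads/s.txt",
            "absolute": str(sibling / "s.txt"),
            "nested_dotdot": "sub/../../uploads/s.txt",
        }
        if have_symlink:
            attempts["symlink"] = "link/s.txt"
        for name, user_path in attempts.items():
            try:
                resolve_under(cache, user_path)
                results[name] = "allowed"
            except PathEscape:
                results[name] = "rejected"
        return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The order matters: resolve first, then compare. Checking for `..` in the raw string misses symlinks and encoded variants, and comparing with a plain string prefix (`str(candidate).startswith(str(base))`) would accept a sibling such as `cache2/` next to `cache/`; `relative_to` compares path components, so it does not.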