Product
Open WebUI versions prior to 0.8.6 contain a vulnerability in the chat completion API that allows attackers to bypass tool restrictions by invoking any server tool with elevated privileges by supplying the correct tool_id or tool_servers parameters; this issue is tracked as CVE-2026-45350.