Tag
Open WebUI versions 0.8.11 and earlier are vulnerable to arbitrary code execution due to a bypassed feature gate; the `/api/v1/utils/code/execute` endpoint allows authenticated users to execute Python code via Jupyter even when code execution is disabled, leading to potential data exfiltration and code execution (CVE-2026-45672).