Tag

Owasp

1 brief RSS

Open WebUI /responses Endpoint Authentication Bypass Vulnerability

The /responses endpoint in Open WebUI's OpenAI router lacks access control, allowing authenticated users to bypass per-model access controls and interact with any configured model, potentially leading to denial of service, model theft, and access policy bypass.

open-webui authentication-bypass llm owasp

2r 4h ago