CVE-2026-54017 | open-webui OpenWebUI up to 0.9.5 Reverse Proxy terminals.py path traversal (GHSA-r2wg-2mcr-66rv)

Inserito da Angelo Barbosa | Giu 19, 2026 | CVE

A vulnerability described as critical has been identified in open-webui OpenWebUI up to 0.9.5. This affects an unknown part of the file backend/open_webui/routers/terminals.py of the component Reverse Proxy Handler. Executing a manipulation can lead to path traversal.

This vulnerability is handled as CVE-2026-54017. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is recommended.

CVE-2026-54017 | open-webui OpenWebUI up to 0.9.5 Reverse Proxy terminals.py path traversal (GHSA-r2wg-2mcr-66rv)

Post correlati

CVE-2026-6150 | code-projects Simple Laundry System 1.0 /checkupdatestatus.php serviceId cross site scripting

CVE-2026-40592 | freescout-help-desk freescout up to 1.8.213 Conversation undo-reply authorization (GHSA-674v-r6xp-mvp6)

CVE-2023-47033 | MultiSigWallet 0xF0C99 executeTransaction Privilege Escalation

CVE-2024-6907 | SourceCodester Record Management System 1.0 sort.php sort cross site scripting