A vulnerability categorized as problematic has been discovered in open-webui Open WebUI up to 0.9.x. Affected by this issue is some unknown functionality of the file pyodide.http of the component JS Module. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains.
The identification of this vulnerability is CVE-2026-59214. The attack may be launched remotely. There is no exploit available.