A vulnerability classified as problematic was found in open-webui Open WebUI up to 0.9.x. The impacted element is the function execute_automation/check_model_access of the component Automation. Executing a manipulation can lead to improper authentication.

This vulnerability is registered as CVE-2026-59226. It is possible to launch the attack remotely. No exploit is available.