A vulnerability has been found in Open WebUI up to 0.9.x and classified as critical. Affected is an unknown function of the component IO Handler. This manipulation causes improper authorization.

This vulnerability appears as CVE-2026-59715. The attack may be initiated remotely. There is no available exploit.