A vulnerability has been found in Open WebUI up to 0.9.x and classified as critical. This affects an unknown function of the file backend/open_webui/routers/terminals.py of the component Terminal Backend. This manipulation of the argument session_id/user_id causes injection.

This vulnerability is registered as CVE-2026-59224. Remote exploitation of the attack is possible. No exploit is available.