A vulnerability described as critical has been identified in open-webui Open WebUI. This affects the function _verify_knowledge_file_access of the component Knowledge File Access. Executing a manipulation can lead to privilege escalation.

This vulnerability is tracked as CVE-2026-59212. The attack can be launched remotely. No exploit exists.