A vulnerability classified as problematic has been found in open-webui Open WebUI up to 0.9.x. The affected element is the function signin of the file /api/v1/auths/signin of the component Authentication. Performing a manipulation of the argument email results in information disclosure.

This vulnerability is cataloged as CVE-2026-59218. It is possible to initiate the attack remotely. There is no exploit available.