CVE-2026-0766

Name of the Vulnerable Software and Affected Versions Open WebUI (affected versions not specified)

Description A flaw exists in the load tool module by id function of Open WebUI that allows remote attackers to execute arbitrary code. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used to execute Python code. Successful exploitation allows an attacker to execute code within the context of the service account.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.