Vulnerabilities

CVE-2026-0765 - Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Exe...

2026-01-23 0 views admin

CVE ID : CVE-2026-0765 Published : Jan. 23, 2026, 3:28 a.m. | 47 minutes ago Description : Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the install_frontmatter_requirements function.The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28258. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-0765

Severity

HIGH

Published

Jan. 23, 2026

Impact: Command Injection

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-0765high

CVE-2026-0765 - Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Exe...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-0787 - ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability

CVE-2026-0796 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnera...

CVE-2026-0795 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnera...

CVE-2026-0794 - ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3