Information security
fromInfoWorld
3 days agoOpen WebUI bug turns the 'free model' into an enterprise backdoor
Open WebUI's storage of long-lived JWTs in localStorage plus Direct Connections execute events enables account takeover and can escalate to remote code execution.