CVE-2026-54006 | open-webui Open WebUI up to 0.9.5 /api/v1/calendars/events authorization (GHSA-f3g7-59qc-pqg6)
A vulnerability labeled as problematic has been found in open-webui Open WebUI up to 0.9.5. This impacts an unknown function of the file /api/v1/calendars/events. The manipulation results in authorization bypass.
This vulnerability is reported as CVE-2026-54006. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.