The vulnerability is in the API endpoint `/api/v1/users/{uuid_administrator}`, which suggests that the associated DELETE handler is missing privilege validation. In typical REST API implementations, this would map to a `delete_user` function in the users route or controller. That the UI restriction can be bypassed indicates the authorization check was implemented only at the frontend layer, not in the backend API handler.
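
The gap described above, as an added illustration that is not the project's own code: an in-memory model of a DELETE handler that leaves authorization to the UI, beside one that enforces the same rule on the server. The `User` model, the handler names, the sample UUIDs and the policy in `may_delete` are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: str
    role: str  # "admin" or "user"

class Forbidden(Exception):
    """Would be returned to the client as HTTP 403."""

class NotFound(Exception):
    """Would be returned to the client as HTTP 404."""

def make_store():
    # Constructed sample accounts, not real identifiers.
    users = [User("uuid-admin", "admin"), User("uuid-alice", "user"), User("uuid-bob", "user")]
    return {u.id: u for u in users}

def may_delete(caller, target):
    # Assumed policy: only admins delete accounts, and never an administrator account.
    return caller.role == "admin" and target.role != "admin"

def delete_user_vulnerable(store, caller, target_id):
    # The caller is authenticated, but the policy lives only in the UI,
    # so a request sent straight to the endpoint is never checked against it.
    if target_id not in store:
        raise NotFound(target_id)
    del store[target_id]
    return 204

def delete_user_hardened(store, caller, target_id):
    # Role check first, so non-admins cannot probe which UUIDs exist.
    if caller.role != "admin":
        raise Forbidden("admin role required")
    target = store.get(target_id)
    if target is None:
        raise NotFound(target_id)
    # Same rule the UI applies, now decided on the server for every request.
    if not may_delete(caller, target):
        raise Forbidden("target account is protected")
    del store[target_id]
    return 204
```

A regression test for the fix should call the handler directly with a non-admin session and expect a 403, since testing through the UI cannot reach this path.
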
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| open-webui | pip |