Talk to our security experts and see Miggo in action.
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks.
Miggo AIMiggo AIMiggo AIMiggo AIRoot Cause Analysis: