A vulnerability classified as critical was found in open-webui Open WebUI . Affected by this issue is some unknown functionality of the component Forged Chat-File Link Handler . The manipulation results in improper access controls. This vulnerability is reported as CVE-2026-54010 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.