A vulnerability classified as problematic has been found in open-webui Open WebUI . Affected by this vulnerability is an unknown functionality of the file /api/chat/completions . The manipulation of the argument image_url leads to information disclosure. This vulnerability is documented as CVE-2026-54009 . The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.