This technical threat advisory covers LDAP and OAuth first-user race condition, allowing unauthorized admin privilege escalation in Open WebUI.

This threat was originally discovered by Sanaan Fayaz Wani from the Cyber Florida SOC and is now recognized as an official CVE.