CVE-2026-54015: Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion

Open WebUI’s prompt version-history endpoints authorize the prompt_id in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that prompt (history_entry.prompt_id == prompt.id). Three operations are affected:

• GET /api/v1/prompts/id/{prompt_id}/history/diff — returns another prompt’s history snapshots (read).
• POST /api/v1/prompts/id/{prompt_id}/update/version — restores another prompt’s snapshot into the caller’s prompt, exposing its content (read).
• DELETE /api/v1/prompts/id/{prompt_id}/history/{history_id} — deletes another prompt’s history entry (delete).

An authenticated user with access to any prompt they control, plus a victim prompt_history.id, can read or delete another user’s private prompt history. The single-entry read endpoint (GET .../history/{history_id}) already enforces the binding; these three did not.