SB2026050628 - Multiple vulnerabilities in Open WebUI
Published: May 6, 2026 Updated: May 12, 2026
Description
This security bulletin contains information about 12 vulnerabilities.
1) Cross-site scripting (CVE-ID: N/A)
The vulnerability allows a remote user to execute arbitrary script in a victim's browser.
The vulnerability exists due to cross-site scripting in the Excel file preview component when rendering a crafted XLSX attachment for preview. A remote user can upload and share a specially crafted XLSX file to execute arbitrary script in a victim's browser.
User interaction is required to open the file modal and select the preview tab, and the issue can be triggered through shared chats.
2) Cross-site scripting (CVE-ID: N/A)
The vulnerability allows a remote user to execute arbitrary script in the application origin.
The vulnerability exists due to cross-site scripting in the profile image handling for profile_image_url and GET /api/v1/users/{user_id}/profile/image when processing a crafted data:image/svg+xml;base64,... profile image URL. A remote user can supply a specially crafted profile image URL to execute arbitrary script in the application origin.
User interaction is required to load the malicious profile image URL, and successful exploitation can enable JWT theft from localStorage and account takeover.
3) Cross-site scripting (CVE-ID: N/A)
The vulnerability allows a remote user to execute arbitrary script in a new browser tab.
The vulnerability exists due to cross-site scripting in the profile_image_url field when handling a crafted data:text/html;base64,... profile image URL opened as an image in a new tab. A remote user can set a specially crafted profile image URL to execute arbitrary script in a new browser tab.
User interaction is required when the victim right-clicks the profile picture and chooses to open the image in a new tab. The script executes in the data: origin rather than the application origin.
4) Missing Authorization (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause a denial of service and incur usage costs.
The vulnerability exists due to missing authorization in the /api/v1/memories/ef endpoint when handling unauthenticated GET requests that invoke the embedding function. A remote attacker can send repeated requests to trigger embedding generation to cause a denial of service and incur usage costs.
Only instances with memory features enabled are vulnerable, and cost exposure occurs when a paid upstream embedding provider is configured.
5) Cross-site scripting (CVE-ID: N/A)
The vulnerability allows a remote user to execute arbitrary script in a victim's browser and disclose sensitive information.
The vulnerability exists due to cross-site scripting in the Banner component in src/lib/components/common/Banner.svelte when rendering stored banner content: the input is sanitized before, rather than after, it is parsed with marked. A remote privileged user can store a specially crafted banner payload to execute arbitrary script in a victim's browser and disclose sensitive information.
User interaction is required, and the malicious banner is rendered for other users including the primary administrator.
6) Authorization bypass through user-controlled key (CVE-ID: N/A)
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in the /api/v1/notes/{note_id} endpoint when handling requests for note identifiers. A remote user can modify or enumerate note UUIDs to disclose sensitive information.
Exploitation requires the notes feature to be enabled, or for the user to expose the notes interface by modifying the /api/config response in the client.
7) Race condition (CVE-ID: N/A)
The vulnerability allows a remote attacker to escalate privileges to administrator.
The vulnerability exists due to a race condition in the LDAP and OAuth authentication flows when processing concurrent first-user authentication requests on a fresh instance. A remote attacker can send concurrent authentication requests to escalate privileges to administrator.
Exploitation is limited to deployments with LDAP or OAuth enabled and requires the instance to have no existing users.
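The first-user race described in item 7 comes down to a check-then-insert on the user table. The following is an added example, not Open WebUI's code: it models two concurrent first logins against a SQLite table and shows that deciding the admin role inside a write transaction (BEGIN IMMEDIATE) lets only one request see an empty table. The sleep between the count and the insert stands in for the provider round-trip that opens the window.

```python
import os
import sqlite3
import tempfile
import threading
import time

# Added example (not the project's code): a minimal users table with the
# "first user becomes admin" rule, driven by two concurrent signups.

def _fresh_db():
    """Create an empty users table in a temp file and return its path."""
    path = os.path.join(tempfile.mkdtemp(), "users.db")
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE users (email TEXT PRIMARY KEY, role TEXT NOT NULL)")
    con.commit()
    con.close()
    return path

def _signup(path, email, atomic, barrier):
    """One signup request. atomic=True wraps check+insert in a write transaction."""
    con = sqlite3.connect(path, isolation_level=None, timeout=5)  # autocommit mode
    try:
        barrier.wait()  # both "first login" requests arrive at the same moment
        if atomic:
            # Take the write lock *before* counting users; the second request
            # blocks here until the first commits and then sees count == 1.
            con.execute("BEGIN IMMEDIATE")
        (count,) = con.execute("SELECT COUNT(*) FROM users").fetchone()
        role = "admin" if count == 0 else "user"
        time.sleep(0.2)  # simulated LDAP/OAuth round-trip between check and insert
        con.execute("INSERT INTO users VALUES (?, ?)", (email, role))
        if atomic:
            con.execute("COMMIT")
    finally:
        con.close()

def concurrent_first_signups(atomic):
    """Run two concurrent signups on a fresh instance; return how many admins exist."""
    path = _fresh_db()
    barrier = threading.Barrier(2)
    threads = [threading.Thread(target=_signup,
                                args=(path, f"user{i}@example.test", atomic, barrier))
               for i in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    con = sqlite3.connect(path)
    (admins,) = con.execute("SELECT COUNT(*) FROM users WHERE role = 'admin'").fetchone()
    con.close()
    return admins
```

With `atomic=False` both requests read an empty table and both become admin; with `atomic=True` exactly one does.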
8) Incorrect authorization (CVE-ID: N/A)
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to improper access control in the /api/v1/utils/code/execute endpoint when handling code execution requests while ENABLE_CODE_EXECUTION is set to false. A remote user can send a specially crafted request containing arbitrary Python code to execute arbitrary code.
Exploitation requires a verified user account and a connected Jupyter server.
9) Authorization bypass through user-controlled key (CVE-ID: N/A)
The vulnerability allows a remote user to read, modify, and delete arbitrary files owned by other users.
The vulnerability exists due to improper access control in has_access_to_file() in backend/open_webui/routers/files.py when handling file access requests for files referenced by shared chats. A remote user can send crafted requests to file endpoints using a valid file UUID to read, modify, and delete arbitrary files owned by other users.
User interaction is required because the target file must be referenced in a shared chat, and file UUIDs may be disclosed to users with read access to a knowledge base via GET /api/v1/knowledge/{id}/files.
10) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2026-34372)
The vulnerability allows a remote user to disclose contact subentity information.
The vulnerability exists due to improper access control in the subentities endpoints of the admin API when handling requests for contact subentities. A remote user can access subentities of contacts without having permission for contacts to disclose contact subentity information.
Exploitation requires access to the Sulu Admin via at least one role.
11) Use of a broken or risky cryptographic algorithm (CVE-ID: N/A)
The vulnerability allows a remote user to compromise the security of generated API keys and password reset tokens.
The vulnerability exists due to use of a broken or risky cryptographic algorithm in API key generation and password reset token generation when generating security tokens. A remote user can obtain or predict weakly generated values to compromise the security of generated API keys and password reset tokens.
12) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote user to disclose potentially sensitive information.
The vulnerability exists due to improper access control in the users endpoint controller when handling requests to the admin API. A remote user can access the exposed apiKey field to disclose potentially sensitive information.
This only has impact if the project uses that field for its own purposes, as the core product does not use it for authentication.
Remediation
Install updates from the vendor's website.
References
- https://github.com/open-webui/open-webui/security/advisories/GHSA-jwf8-pv5p-vhmc
- https://github.com/open-webui/open-webui/commit/a7271532f8a38da46785afcaa7e65f9a45e7d753
- https://github.com/open-webui/open-webui/security/advisories/GHSA-6gh2-q7cp-9qf6
- https://github.com/open-webui/open-webui/commit/773787c74
- https://github.com/open-webui/open-webui/security/advisories/GHSA-m69w-p7m4-585j
- https://github.com/open-webui/open-webui/commit/e5035ea31e179977e805a7032c979ff59a71860a
- https://github.com/open-webui/open-webui/security/advisories/GHSA-cqp4-qqvg-3787
- https://github.com/open-webui/open-webui/blob/main/src/lib/components/common/Banner.svelte#L103
- https://github.com/open-webui/open-webui/security/advisories/GHSA-x3qm-p8hr-3c3h
- https://github.com/open-webui/open-webui/commit/de3317e26bb67a2a7ea015a183bbd1d369880ebd
- https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3
- https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec
- https://github.com/open-webui/open-webui/security/advisories/GHSA-482j-2pq6-q5w4
- https://github.com/open-webui/open-webui/commit/6d736d3c598dbe49488675ed42845e00b62dfcba
- https://github.com/open-webui/open-webui/security/advisories/GHSA-26g9-27vm-x3q8
- https://github.com/open-webui/open-webui/commit/2e52ad8ff2f8d9ed9f38f76e9bc19c8f92d91fc3
- https://github.com/sulu/sulu/security/advisories/GHSA-6h7h-m7p5-hjqp
- https://github.com/sulu/sulu/security/advisories/GHSA-7fv8-6pp7-6h85
- https://github.com/sulu/sulu/security/advisories/GHSA-9m6v-8fxc-4r44
- https://github.com/advisories/GHSA-9m6v-8fxc-4r44