SB2026051156 - Multiple vulnerabilities in Open WebUI
Published: May 11, 2026
Description
This security bulletin contains information about 5 vulnerabilities.
1) Incorrect authorization (CVE-ID: N/A)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to modify note pin status without proper write authorization.
The vulnerability exists due to incorrect authorization in the POST /api/v1/notes/{id}/pin endpoint when handling pin toggle requests for shared notes. A remote user can send a crafted pin request to modify note pin status without proper write authorization.
User interaction is required, and exploitation requires read access to a shared note via explicit sharing. Only the is_pinned field can be modified.
2) Cross-site scripting (CVE-ID: N/A)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary script in a victim's browser and steal session tokens.
The vulnerability exists due to cross-site scripting in the /api/v1/audio/transcriptions upload endpoint and the /cache/{path} route when processing a user-supplied filename extension and serving the uploaded file as web content. A remote user can upload a specially crafted polyglot file and trick the victim into opening the resulting URL to execute arbitrary script in a victim's browser and steal session tokens.
User interaction is required, and the issue is exploitable by a verified user with the default-on chat.stt permission.
3) Cross-site scripting (CVE-ID: N/A)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary script in a victim's browser.
The vulnerability exists due to improper neutralization of input during web page generation in Office file preview rendering in FilePreview.svelte and FileItemModal.svelte when rendering HTML converted from user-supplied Office, Excel, or DOCX files via Svelte {@html} without DOMPurify sanitization. A remote user can upload a specially crafted document and have it rendered during file preview to execute arbitrary script in a victim's browser.
User interaction is required when a user previews the crafted file, and shared multi-user instances are especially exposed because the malicious file is stored server-side and can affect each viewer.
4) Improper Neutralization of Alternate XSS Syntax (CVE-ID: N/A)
CWE-ID: CWE-87 - Improper Neutralization of Alternate XSS Syntax
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary JavaScript in the application's origin.
The vulnerability exists due to improper neutralization of alternate XSS syntax in the profile image endpoint when processing webhook profile_image_url values containing SVG data URLs. A remote user can supply a specially crafted SVG payload in a webhook profile image to execute arbitrary JavaScript in the application's origin.
The Channels feature must be enabled, and user interaction is required because the malicious profile-image URL must be opened in a browser.
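A defensive check for this class of issue, added here as an example and not Open WebUI's own code: it validates a profile_image_url value before it is stored or served, accepting http(s) URLs and base64 data URLs for a small set of raster image types whose declared media type matches the payload's magic bytes, and rejecting SVG (or any other) data URLs. The accepted schemes and the allowed type list are assumptions.

```javascript
// Added example (not Open WebUI's code): validate a webhook profile_image_url
// value so that an SVG data URL, which can carry script and would run in the
// application's origin if served inline, is never stored or served.
// Assumption: only http(s) URLs and base64 data URLs of these raster types are needed.
const ALLOWED_RASTER = {
  "image/png": [0x89, 0x50, 0x4e, 0x47],
  "image/jpeg": [0xff, 0xd8, 0xff],
  "image/gif": [0x47, 0x49, 0x46, 0x38],
  "image/webp": [0x52, 0x49, 0x46, 0x46], // "RIFF"; the "WEBP" tag follows at offset 8
};

// Split a data: URL into media type, base64 flag and payload (null if not a data URL).
function parseDataUrl(value) {
  const m = /^data:([^,]*),(.*)$/is.exec(value);
  if (!m) return null;
  const parts = m[1].split(";").map((p) => p.trim().toLowerCase());
  return {
    mediaType: parts[0] || "text/plain", // RFC 2397 default when the type is omitted
    isBase64: parts.slice(1).includes("base64"),
    payload: m[2],
  };
}

function validateProfileImageUrl(value) {
  if (typeof value !== "string" || value.length > 2_000_000) {
    return { ok: false, reason: "not a string or too long" };
  }
  const trimmed = value.trim();
  if (/^https?:\/\//i.test(trimmed)) return { ok: true, kind: "remote" };
  const d = parseDataUrl(trimmed);
  if (!d) return { ok: false, reason: "unsupported scheme" };
  // Reject by allow-list: image/svg+xml, text/html and anything else fall out here.
  if (!Object.prototype.hasOwnProperty.call(ALLOWED_RASTER, d.mediaType)) {
    return { ok: false, reason: `media type not allowed: ${d.mediaType}` };
  }
  if (!d.isBase64) return { ok: false, reason: "raster data URLs must be base64" };
  // Do not trust the declared type: the payload must start with that format's magic bytes,
  // so an SVG or HTML body labelled image/png is still rejected.
  const bytes = Buffer.from(d.payload, "base64");
  const magic = ALLOWED_RASTER[d.mediaType];
  if (bytes.length < magic.length || !magic.every((b, i) => bytes[i] === b)) {
    return { ok: false, reason: "payload does not match declared media type" };
  }
  return { ok: true, kind: "data", mediaType: d.mediaType };
}
```

Applying this check at write time (when the webhook value is stored) and again before the image endpoint serves a stored value keeps previously stored entries from being served after the rule is introduced.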
5) Cross-site request forgery (CVE-ID: N/A)
CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to cause a denial of service and disclose sensitive information.
The vulnerability exists due to improper input validation in image uploading and rendering functionality when processing user-supplied image URLs. A remote user can set an image URL to a malicious endpoint to cause a denial of service and disclose sensitive information.
User interaction is required, as a victim must view the compromised image, such as in a profile picture, shared chat, shared note, or model image.
Remediation
Install the update from the vendor's website.
References
- https://github.com/open-webui/open-webui/security/advisories/GHSA-jx2x-j75f-xq3j
- https://github.com/open-webui/open-webui/security/advisories/GHSA-m8f9-9whg-f4xr
- https://github.com/open-webui/open-webui/commit/8dae237a0bfdac4b7f55b463b3e2769ea4b94a0b
- https://github.com/open-webui/open-webui/security/advisories/GHSA-hcwp-82g6-8wxc
- https://github.com/open-webui/open-webui/security/advisories/GHSA-3856-3vxq-m6fc
- https://github.com/open-webui/open-webui/security/advisories/GHSA-j6w6-986j-2m2m
- https://github.com/open-webui/open-webui/commit/2407d9b905978d68619bdce4021e424046ec8df9