Cross-site scripting in Open WebUI - #VU135953
Published: June 30, 2026
Open WebUI
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code on the server.
The vulnerability exists due to cross-site scripting in the Pyodide code execution feature when processing Python code stored in a shared chat and executed in a same-origin worker. A remote user can store a crafted payload in a shared chat and induce the victim to click Run to execute arbitrary code on the server.
User interaction is required: the victim must click Run. Server-side code execution additionally depends on the victim having admin privileges or the workspace.functions or workspace.tools permissions, and Open WebUI must be configured to use Pyodide.
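The advisory ties exploitation to three conditions: the code lives in a shared chat the viewer did not author, the viewer holds admin, workspace.functions or workspace.tools rights, and the execution engine is Pyodide. As an added illustration (not Open WebUI's own code), the policy gate below turns those conditions into a run/confirm/block decision that a client could apply before handing chat-embedded code to the worker. The `viewer`, `chat` and `config` objects and their fields are assumptions for this example.

```javascript
// Illustrative policy gate for chat-embedded code execution (example only,
// not Open WebUI's implementation). Field names are assumed for this example.

// Permissions the advisory names as sufficient for server-side impact.
const PRIVILEGED_PERMISSIONS = ["workspace.functions", "workspace.tools"];

// Decide what should happen when `viewer` asks to run a code block from `chat`.
// Returns "run" (execute as usual), "confirm" (require an explicit warning and
// confirmation) or "block" (refuse in the same-origin Pyodide worker).
function decideRun(viewer, chat, config) {
  // Only the Pyodide engine runs the code in a same-origin worker, so other
  // engines keep their normal behaviour.
  if (config.codeExecutionEngine !== "pyodide") {
    return "run";
  }

  // Code in the viewer's own chat carries no foreign payload.
  const foreignShared = chat.shared === true && chat.ownerId !== viewer.id;
  if (!foreignShared) {
    return "run";
  }

  const privileged =
    viewer.role === "admin" ||
    viewer.permissions.some((p) => PRIVILEGED_PERMISSIONS.includes(p));

  // A privileged viewer running someone else's code in a same-origin worker
  // is exactly the case that escalates to the server: refuse it.
  if (privileged) {
    return "block";
  }

  // Unprivileged viewers still act on a stranger's code: ask first.
  return "confirm";
}

// Constructed sample inputs for a quick local demonstration.
const pyodide = { codeExecutionEngine: "pyodide" };
const sharedChat = { shared: true, ownerId: "author-1" };
const admin = { id: "viewer-1", role: "admin", permissions: [] };
const toolsUser = { id: "viewer-2", role: "user", permissions: ["workspace.tools"] };
const plainUser = { id: "viewer-3", role: "user", permissions: [] };

console.log(decideRun(admin, sharedChat, pyodide));     // block
console.log(decideRun(toolsUser, sharedChat, pyodide)); // block
console.log(decideRun(plainUser, sharedChat, pyodide)); // confirm
console.log(decideRun(admin, { shared: false, ownerId: "viewer-1" }, pyodide)); // run
```

This gate is a compensating control, not a substitute for the structural fix: code that can come from another user should be executed in an isolated origin rather than in a worker that shares the application's origin and credentials.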