CVE-2026-45346

Open WebUI (self-hosted offline AI platform) prior to version 0.6.31 contains a stored Cross‑Site Scripting (XSS) vulnerability in its SVG renderer. The issue allows attackers to save and execute injected HTML/JavaScript in the application context, potentially leading to data exposure or manipula...