2898 matches found
CVE-2026-45314 Open WebUI: XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profileimageurl values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves...
CVE-2026-45314
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profileimageurl values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves...
CVE-2026-45316 Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can...
EUVD-2026-30660
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can...
CVE-2026-45316
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can...
CVE-2026-45316
Summary (Open WebUI CVE-2026-45316): A permission check bug in the POST /api/v1/notes/{id}/pin endpoint allows read-only users to toggle a note’s is_pinned state because it checks read permission instead of write. The issue occurs in Open WebUI prior to 0.9.3 and is fixed in 0.9.3. The vulnerabil...
CVE-2026-45317
CVE-2026-45317 describes an application-wide CSRF vector in Open WebUI’s image handling prior to 0.9.3. An authenticated user can influence image URL rendering so that viewing a compromised image causes the user’s browser to issue GET requests to an attacker-controlled URL, potentially leaking co...
CVE-2026-45317 Open WebUI: Cross-Site Request Forgery (CSRF) via Image URL Manipulation
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery CSRF vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint,...
CVE-2026-45317 Open WebUI: Cross-Site Request Forgery (CSRF) via Image URL Manipulation
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery CSRF vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint,...
EUVD-2026-30659
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his advisory tracks a regression of the original Excel-preview XSS CVE-2026-44549. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify ...
CVE-2026-45318
CVE-2026-45318 is an Open WebUI stored XSS vulnerability. The root cause is rendering unsanitized HTML produced from Excel/DOCX previews (XLSX.utils.sheet_to_html) via {@html excelHtml} or fileOfficeHtml without DOMPurify. This affects Open WebUI versions prior to 0.9.3, where an attacker-uploade...
CVE-2026-45318 Open WebUI: Stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his advisory tracks a regression of the original Excel-preview XSS CVE-2026-44549. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify ...
CVE-2026-45318
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his advisory tracks a regression of the original Excel-preview XSS CVE-2026-44549. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify ...
CVE-2026-45318 Open WebUI: Stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his advisory tracks a regression of the original Excel-preview XSS CVE-2026-44549. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify ...
EUVD-2026-30656
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...
CVE-2026-45315
Open WebUI (self-hosted offline AI platform) is affected by CVE-2026-45315. Before version 0.9.3, the audio transcription upload endpoint accepts a user-supplied filename extension and saves the file under CACHE_DIR/audio/transcriptions, then serves /cache/{path} via FileResponse using the on-dis...
CVE-2026-45315 Open WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...
CVE-2026-45315
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...
CVE-2026-44571
CVE-2026-44571 concerns the Open WebUI platform. In standard channels, the endpoint POST /api/v1/channels/{channel_id}/messages/{message_id}/update could be invoked with only read permission if access_control is None, allowing unauthorized users to modify other users’ messages. The issue is fixed...
EUVD-2026-30655
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels i.e., channels whose channel.type is neither group nor dm, the endpoint POST /api/v1/channels/channelid/messages/messageid/update can be accessed with read...