CVE-2026-56398
Open WebUI before 0.9.5 is vulnerable to stored XSS via the OAuth picture claim SVG data URI. The code infers MIME type from the URL extension (e.g., .svg) and ignores the server-provided Content-Type, then stores data URI labelling it as image/svg+xml. The profile image validator is bypassed in ...