Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheet_to_html to embed an XSS payload into the generated HTML. This is subsequently added to the DOM unsanitized via @html causing the payload to trigger. This vulnerability is fixed in 0.8.0.
Published: 2026-05-15
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A crafted XLSX file can be uploaded to Open WebUI as an attachment and previewed with the sheetjs library. The library's sheet_to_html function converts the sheet into an HTML table, and a crafted payload can cause that output to carry attacker-controlled markup. Open WebUI then injects the resulting HTML into the page through Svelte's @html directive without sanitising it, so any script or event handler in the markup executes in the viewer's browser. The attacker can run arbitrary script in the context of the victim's session, potentially stealing session cookies or tokens, defacing the interface, or performing actions as that user.

Affected Systems

All installations of Open WebUI version 0.7.x and below, i.e., before the 0.8.0 release, are affected.

Risk and Exploitability

The CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N) classifies this as a High-severity vulnerability: the attacker needs only low privileges (an account able to upload an attachment), the victim must interact by opening the preview, confidentiality and integrity impact are high, and availability is unaffected. The EPSS score is below 1% (Very Low), and the vulnerability is not currently listed in CISA's KEV catalog. Because the payload lives in a stored attachment, it fires for any user who previews that file, not only the uploader. Given the straightforward attack path and the high impact of a stored XSS, organisations should treat this as a priority for remediation.

Generated by OpenCVE AI on May 15, 2026 at 23:51 UTC.

Remediation

Fixed in Open WebUI 0.8.0, per the description and advisory GHSA-jwf8-pv5p-vhmc. No separate vendor workaround is documented.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.8.0 or later, the release that fixes the unsafe Excel preview.
  • If an upgrade is not immediately possible, restrict attachment uploads to trusted users and treat spreadsheet previews of files uploaded by others as untrusted until the upgrade is done.
  • Deploy a Content Security Policy that disallows inline scripts and inline event handlers (a script-src without 'unsafe-inline'), and sanitise any attachment-derived HTML with an allowlist sanitiser before it reaches an @html or innerHTML sink.



Advisories
Source: GitHub GHSA
ID: GHSA-jwf8-pv5p-vhmc
Title: Open WebUI has stored XSS in Excel file preview
History

Fri, 15 May 2026 23:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Open-webui; Open-webui open-webui

Type: Vendors & Products
Values Removed: (none)
Values Added: Open-webui; Open-webui open-webui

Fri, 15 May 2026 22:00:00 +0000

Type: Description
Values Added: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheet_to_html to embed an XSS payload into the generated HTML. This is subsequently added to the DOM unsanitized via @html causing the payload to trigger. This vulnerability is fixed in 0.8.0.

Type: Title
Values Added: Open WebUI: Stored XSS in excel file preview

Type: Weaknesses
Values Added: CWE-79

Type: References
Values Added: (none)

Type: Metrics
Values Added: cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T21:45:16.446Z

Reserved: 2026-05-06T20:59:00.594Z

Link: CVE-2026-44549

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-15T22:16:52.490

Modified: 2026-05-15T22:16:52.490

Link: CVE-2026-44549

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-16T00:00:12Z

Weaknesses