Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profile_image_url field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in an XSS vulnerability. This vulnerability is fixed in 0.8.0.
Published: 2026-05-15
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stored XSS flaw in Open WebUI’s profile image update functionality. The profile_image_url field previously accepted arbitrary URI values without MIME‑type validation, enabling an attacker to inject malicious scripts that are rendered when other users view the profile picture.

Affected Systems

Open WebUI, the self-hosted AI platform, is affected. Any installation older than version 0.8.0 remains vulnerable, as the profile_image_url field was patched in that release. The vendor:product pair listed by the CNA is open-webui:open-webui.

Risk and Exploitability

Based on the description, exploitation is inferred to require user interaction through the platform's profile update page. The CVSS score of 5.4 indicates a medium-severity flaw. No EPSS score is publicly available, but because the vulnerability is stored XSS, the attack vector involves a user-initiated action. Since the platform is typically self-hosted and accessed only by authorized users, the potential impact is confined to the organization's internal environment unless the application is exposed to external traffic. The vulnerability is not listed in CISA's KEV catalog, so no live exploitation was known as of the last update.

Generated by OpenCVE AI on May 15, 2026 at 23:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Open WebUI to version 0.8.0 or later, which removes the MIME‑type validation loophole.
  • If an upgrade cannot be performed immediately, restrict access to the profile image update page to a limited set of administrative users only.
  • Add an additional layer of input validation on the profile_image_url field to ensure that only valid image URLs with approved MIME types are accepted, complementing the vendor’s fix until the upgrade is completed.
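The third recommendation, an allowlist check on the submitted data: URI, as an added example. This is not Open WebUI's own code and does not reproduce its 0.8.0 fix; the MIME allowlist, the size limit, the magic-byte checks and the helper names are assumptions made for illustration.

```python
"""Allowlist validation for a data: URI submitted as a profile image.

Added example for illustration; this is not Open WebUI's code and does not
reproduce its fix. It assumes the backend stores the submitted string and
later renders it as an <img src>, so anything other than an inert raster
image must be rejected before it is stored.
"""
import base64
import binascii
import re
from urllib.parse import unquote_to_bytes

# Inert raster formats only (assumed policy). image/svg+xml is excluded on
# purpose: an SVG document is XML and may carry script or event-handler attributes.
ALLOWED_IMAGE_MIME_TYPES = frozenset({"image/png", "image/jpeg", "image/gif", "image/webp"})
MAX_IMAGE_BYTES = 2 * 1024 * 1024  # constructed limit; tune per deployment

# RFC 2397 shape: data:[<mediatype>][;base64],<data>
_DATA_URI_RE = re.compile(r"^data:([^,]*),(.*)$", re.IGNORECASE | re.DOTALL)


class InvalidProfileImage(ValueError):
    """Raised when profile_image_url is not an allowed, well-formed image."""


def _content_matches(mime: str, data: bytes) -> bool:
    """Check the leading bytes so a declared MIME type must match the payload."""
    if mime == "image/png":
        return data.startswith(b"\x89PNG\r\n\x1a\n")
    if mime == "image/jpeg":
        return data.startswith(b"\xff\xd8\xff")
    if mime == "image/gif":
        return data[:6] in (b"GIF87a", b"GIF89a")
    if mime == "image/webp":
        return data[:4] == b"RIFF" and data[8:12] == b"WEBP"
    return False


def validate_profile_image_url(value: str) -> str:
    """Return a normalised data: URI if value is an allowed image, else raise.

    Only the data: URI case is handled here (the shape the advisory describes);
    an application that also accepts remote URLs would validate those separately.
    """
    m = _DATA_URI_RE.match(value)
    if m is None:
        raise InvalidProfileImage("profile image must be a data: URI")

    header, payload = m.group(1), m.group(2)
    mime, *params = [p.strip().lower() for p in header.split(";")]
    if mime not in ALLOWED_IMAGE_MIME_TYPES:
        raise InvalidProfileImage(f"MIME type {mime!r} is not an allowed image type")

    # Cheap upper bound before decoding: base64 inflates by roughly 4/3.
    if len(payload) > MAX_IMAGE_BYTES * 4 // 3 + 4:
        raise InvalidProfileImage("image payload too large")

    if "base64" in params:
        try:
            data = base64.b64decode(payload, validate=True)
        except (binascii.Error, ValueError) as exc:
            raise InvalidProfileImage("malformed base64 payload") from exc
    else:
        data = unquote_to_bytes(payload)  # percent-encoded form of RFC 2397

    if len(data) > MAX_IMAGE_BYTES:
        raise InvalidProfileImage("image payload too large")
    if not _content_matches(mime, data):
        raise InvalidProfileImage("payload does not look like the declared image type")

    # Re-serialise from the parsed bytes: drops stray parameters, odd casing and
    # anything else in the submitted string that was not the image itself.
    return f"data:{mime};base64,{base64.b64encode(data).decode('ascii')}"


def is_safe_profile_image_url(value: str) -> bool:
    """Boolean convenience wrapper around validate_profile_image_url."""
    try:
        validate_profile_image_url(value)
    except InvalidProfileImage:
        return False
    return True


# Constructed samples (not from the advisory): a minimal PNG signature padded
# with zeros, and an HTML fragment of the kind the allowlist must refuse.
_PNG_B64 = base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16).decode("ascii")
_HTML_B64 = base64.b64encode(b"<b>not an image</b>").decode("ascii")
SAMPLE_PNG_DATA_URI = f"data:image/png;base64,{_PNG_B64}"
SAMPLE_HTML_DATA_URI = f"data:text/html;base64,{_HTML_B64}"      # wrong MIME type
SAMPLE_MISLABELLED_URI = f"data:image/png;base64,{_HTML_B64}"    # declared PNG, content is not
SAMPLE_SVG_DATA_URI = f"data:image/svg+xml;base64,{_PNG_B64}"    # SVG excluded by policy

if __name__ == "__main__":
    for candidate in (SAMPLE_PNG_DATA_URI, SAMPLE_HTML_DATA_URI,
                      SAMPLE_MISLABELLED_URI, SAMPLE_SVG_DATA_URI):
        print(is_safe_profile_image_url(candidate), candidate[:40])
```

The check is deliberately stricter than "is the MIME type on the list": the declared type must also match the payload's leading bytes, and the stored value is rebuilt from the decoded bytes rather than echoing the submitted string, so nothing the client appended to the header survives into the rendered `src` attribute.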

Generated by OpenCVE AI on May 15, 2026 at 23:51 UTC.

Tracking


Advisories
Source: Github GHSA
ID: GHSA-6gh2-q7cp-9qf6
Title: Open WebUI has Stored Cross-Site Scripting In Profile Picture
History

Fri, 15 May 2026 23:45:00 +0000

Type: First Time appeared
Values Added: Open-webui; Open-webui open-webui

Type: Vendors & Products
Values Added: Open-webui; Open-webui open-webui

Fri, 15 May 2026 23:15:00 +0000

Type: Metrics
Values Added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 May 2026 22:00:00 +0000

Type: Description
Values Added: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profile_image_url field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in a XSS vulnerability. This vulnerability is fixed in 0.8.0.

Type: Title
Values Added: Open WebUI: Stored Cross-Site Scripting In Profile Picture

Type: Weaknesses
Values Added: CWE-79

Type: References
Values Added: (no values listed)

Type: Metrics
Values Added: cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


Subscriptions

Open-webui Open-webui
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T22:21:26.206Z

Reserved: 2026-05-11T20:14:43.202Z

Link: CVE-2026-45299

Vulnrichment

Updated: 2026-05-15T22:20:10.167Z

NVD

Status : Received

Published: 2026-05-15T22:16:53.710

Modified: 2026-05-15T22:16:53.710

Link: CVE-2026-45299

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-16T00:00:12Z

Weaknesses