No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 15 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs. Authenticated users who visit the profile image endpoint receive attacker-controlled SVG content with inline disposition and no default security headers, enabling script execution in the same origin to steal authentication tokens and achieve account takeover. | |
| Title | Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI | |
| First Time appeared |
Openwebui
Openwebui open Webui |
|
| Weaknesses | CWE-20 | |
| CPEs | cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Openwebui
Openwebui open Webui |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-15T13:25:55.678Z
Reserved: 2026-06-21T12:37:58.435Z
Link: CVE-2026-56398
Updated: 2026-07-15T13:20:09.613Z
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-20
Improper Input Validation