CVE-2026-26192
Severity: HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, manually modifying chat history allows setting the `html` property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML and renders them in an iframe when the citation is previewed. This allows stored XSS via a weaponized document payload in a chat. The payload also executes when the citation is viewed on a shared chat. Version 0.7.0 fixes the issue.
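The description above pins the problem to a single flag: an `html` property inside document metadata that switches the frontend into rendering document contents as HTML. A defender reviewing stored or imported chat data can look for exactly that flag. The following is an added defensive example, not code from Open WebUI or from this record: it walks an arbitrary JSON-like chat-history structure, reports every `metadata` object that carries an `html` key, and returns a copy with that key stripped. The nested layout in `SAMPLE_CHAT` is constructed for this example and is an assumption about shape, not the platform's real schema; the walker is written generically so it does not depend on that layout.

```python
"""Defensive scan/strip of the `html` flag in document metadata (added example,
not Open WebUI code). The chat layout below is constructed and assumed."""
import copy
from typing import Any, List

# Metadata keys that must never arrive from user-editable chat history.
FORBIDDEN_METADATA_KEYS = {"html"}


def find_html_metadata(node: Any, path: str = "$") -> List[str]:
    """Return JSONPath-like locations of every `metadata` dict that sets a
    forbidden key, searching the whole structure recursively."""
    hits: List[str] = []
    if isinstance(node, dict):
        meta = node.get("metadata")
        if isinstance(meta, dict) and any(k in meta for k in FORBIDDEN_METADATA_KEYS):
            hits.append(f"{path}.metadata")
        for key, value in node.items():
            hits.extend(find_html_metadata(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_html_metadata(item, f"{path}[{index}]"))
    return hits


def _strip_in_place(node: Any) -> None:
    """Remove forbidden keys from every `metadata` dict, recursively."""
    if isinstance(node, dict):
        meta = node.get("metadata")
        if isinstance(meta, dict):
            for key in FORBIDDEN_METADATA_KEYS:
                meta.pop(key, None)
        for value in node.values():
            _strip_in_place(value)
    elif isinstance(node, list):
        for item in node:
            _strip_in_place(item)


def strip_html_metadata(node: Any) -> Any:
    """Return a deep copy of `node` with the forbidden metadata keys removed;
    the caller's original object is left untouched."""
    cleaned = copy.deepcopy(node)
    _strip_in_place(cleaned)
    return cleaned


# Constructed sample chat history (assumed shape, not the real schema).
# The second assistant source carries the `html` flag the advisory describes.
SAMPLE_CHAT = {
    "id": "chat-example",
    "messages": [
        {"role": "user", "content": "summarize my notes", "sources": []},
        {
            "role": "assistant",
            "content": "Here is a summary [1].",
            "sources": [
                {"document": ["plain text from a trusted file"],
                 "metadata": {"name": "report.txt"}},
                {"document": ["<b>constructed document text</b>"],
                 "metadata": {"name": "notes.txt", "html": True}},
            ],
        },
    ],
}

if __name__ == "__main__":
    for location in find_html_metadata(SAMPLE_CHAT):
        print("html flag set at", location)
    cleaned = strip_html_metadata(SAMPLE_CHAT)
    print("remaining hits after strip:", find_html_metadata(cleaned))
```

Run the scan over exported chat history to find records that already carry the flag, and apply the strip on any path where chat history is written by users (import, edit, restore) so the frontend never sees an attacker-controlled `html` property; upgrading to 0.7.0 remains the actual fix.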
Analysis
Stored XSS in Open WebUI prior to version 0.7.0 allows authenticated users to inject malicious HTML payloads into chat document metadata, which execute in the browser when citations are previewed or viewed in shared chats. Public exploit code exists for this vulnerability, and an attacker with login access can compromise any user who interacts with their weaponized chat documents. …
Remediation
Within 24 hours: Identify and inventory all Open WebUI deployments and their current versions; disable manual chat history editing if possible and restrict access to chat data. Within 7 days: Implement input validation and output encoding for all chat metadata fields; monitor for suspicious chat history modifications in audit logs. …