CVE-2026-45299
EUVD-2026-3066115.05.2026, 22:16
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profile_image_url field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in a XSS vulnerability. This vulnerability is fixed in 0.8.0.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openwebui | open_webui | 𝑥 < 0.8.0 |
𝑥
= Vulnerable software versions