CVE-2026-45314

EUVD-2026-30662

15.05.2026, 22:16

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profile_image_url values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves this SVG as image/svg+xml without sanitization, allowing attacker-controlled script handlers (for example onload) to execute when the profile-image URL is opened in the browser. This vulnerability is fixed in 0.9.3.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Affected Products (NVD)

Vendor	Product	Version
openwebui	open_webui	𝑥 < 0.9.3

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-87 - Improper Neutralization of Alternate XSS Syntax
The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.

References

https://github.com/open-webui/open-webui/security/advisories/GHSA-3856-3vxq-m6fc