CVE-2026-44549 open-webui CVE debrief

Who should care

Organizations running self-hosted Open WebUI instances for AI operations, particularly those enabling file sharing or multi-user collaboration features. Security teams responsible for content upload validation and XSS prevention in web applications using spreadsheet processing libraries.

Technical summary

The vulnerability exists in Open WebUI's handling of Excel file attachments. When a user uploads an XLSX file, the application uses SheetJS (xlsx library) to convert spreadsheet content to HTML via the sheet_to_html function. The generated HTML is then inserted into the DOM using Svelte's @html directive, which does not perform automatic sanitization. A malicious actor can craft an XLSX file containing JavaScript payloads in cell content, formulas, or metadata that SheetJS converts to executable HTML. When another user views the file preview, the script executes in their browser context. This represents a stored XSS attack vector where the payload persists in the uploaded file and triggers on subsequent access. The fix in version 0.8.0 implements proper output sanitization before DOM insertion.

Defensive priority

HIGH

Recommended defensive actions

• Upgrade Open WebUI to version 0.8.0 or later to remediate the vulnerability
• Review and restrict Excel file upload capabilities if immediate patching is not feasible
• Implement Content Security Policy (CSP) headers as a defense-in-depth measure
• Monitor for suspicious XLSX uploads containing embedded scripts or unusual metadata
• Audit existing uploaded Excel files for potential malicious content

Evidence notes

CWE-79 (Improper Neutralization of Input During Web Page Generation) identified by GitHub Security Advisories. CPE criteria confirms affected versions are all versions prior to 0.8.0.

Official resources