CVE-2026-45299 open-webui CVE debrief

Who should care

Organizations running self-hosted Open WebUI instances, particularly those with multi-user deployments where user-generated content is displayed to other users. Security teams responsible for AI/ML platform hardening and developers maintaining Open WebUI forks or custom deployments.

Technical summary

The vulnerability exists in the user profile update form where the `profile_image_url` parameter accepted arbitrary `data:` URI schemes without validating the declared MIME type against an allowlist. An authenticated attacker could supply a crafted data URI containing JavaScript (e.g., `data:text/html,<script>...`) that would be stored and later rendered in contexts where the profile image is displayed, executing in the security context of other users' sessions. The CVSS v3.1 score of 5.4 (Medium) reflects the required user interaction and limited scope of impact. The fix in version 0.8.0 implements proper MIME-type validation restricting profile images to known safe image formats.

Defensive priority

medium

Recommended defensive actions

• Upgrade Open WebUI to version 0.8.0 or later to eliminate the vulnerability
• Review user profile update logs for suspicious data: URI patterns in profile_image_url fields prior to upgrade
• Implement Content Security Policy (CSP) headers as defense-in-depth against XSS vectors
• Validate that profile image inputs conform to expected image MIME types (image/jpeg, image/png, image/webp, image/gif)
• Audit existing user profiles for injected payloads if running versions prior to 0.8.0

Evidence notes

NVD analyzed status confirms technical details. GitHub Security Advisory GHSA-6gh2-q7cp-9qf6 provides vendor mitigation guidance. CVSS 3.1 vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N reflects network attack vector, low complexity, required privileges and user interaction, with changed scope and low confidentiality/integrity impact.

Official resources