CVE-2026-45314 open-webui CVE debrief

Who should care

Organizations running self-hosted Open WebUI instances prior to 0.9.3, particularly those with multi-user deployments where channel webhooks are accessible to non-administrative users. Security teams should prioritize patching due to the high confidentiality and integrity impact combined with relatively low exploitation complexity.

Technical summary

The vulnerability exists in the channel webhook create and update flow where profile_image_url parameters accept arbitrary values without validation. The endpoint decodes base64-encoded SVG content and serves it with image/svg+xml MIME type, preserving embedded script handlers. Attackers with low-privilege access can create or modify webhooks to inject malicious SVG payloads that execute when rendered in victim browsers. The fix in version 0.9.3 implements proper sanitization of profile image content.

Defensive priority

HIGH

Recommended defensive actions

• Upgrade Open WebUI to version 0.9.3 or later
• Review existing channel webhooks for suspicious profile_image_url values containing data:image/svg+xml or script handlers
• Implement Content Security Policy headers to mitigate impact of injected scripts
• Validate and sanitize all user-supplied image URLs, rejecting data URIs with executable content
• Audit access logs for unexpected requests to profile image endpoints with base64-encoded SVG payloads

Evidence notes

Vendor advisory confirms SVG payload execution via profile_image_url in channel webhooks. CVSS 4.0 vector indicates network attack vector, low attack complexity, privileged access required, user interaction required, high confidentiality and integrity impact. CWE-87 (Improper Neutralization of Alternate XSS Syntax) cited as secondary weakness.

Official resources