PatchSiren cyber security CVE debrief
CVE-2026-45317 open-webui CVE debrief
A Cross-Site Request Forgery (CSRF) vulnerability in Open WebUI's image uploading functionality allows authenticated attackers to perform actions on behalf of victim users. The flaw exists in versions prior to 0.9.3 and stems from insufficient validation of image URLs, which lets an attacker store a URL pointing at an endpoint of their choosing; the request to that endpoint is issued by the victim's browser whenever the image is rendered. The vulnerability is exploitable by any authenticated user, with impact including potential cookie theft and denial of service through the unauthorized GET requests triggered by image rendering. The CVSS 3.1 score of 4.6 (Medium) reflects a network attack vector, low attack complexity, low privileges required and required user interaction, with low impact to confidentiality and availability. The vendor has released version 0.9.3 containing the fix. Organizations should prioritize upgrading affected deployments and review their own image URL handling for additional hardening.
- Vendor: open-webui
- Product: Unknown
- CVSS: MEDIUM 4.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-15
- Original CVE updated: 2026-05-18
- Advisory published: 2026-05-15
- Advisory updated: 2026-05-18
Who should care
Organizations operating self-hosted Open WebUI instances, particularly multi-user deployments where image sharing is common. It also concerns security teams managing AI/ML infrastructure and developers building offline AI platforms with user-generated content features.
Technical summary
Open WebUI versions prior to 0.9.3 contain a CSRF vulnerability in the image uploading functionality. The platform fails to properly validate image URLs, allowing authenticated attackers to store URLs that point at endpoints they control. When other users view such an image (for example as a profile picture), their browsers automatically issue GET requests to those URLs without their knowledge. This enables session hijacking through cookie theft, resource exhaustion, and other unauthorized actions performed with the victim's credentials. Exploitation requires authenticated access, but every user who renders the malicious image is affected.
Defensive priority
medium
Recommended defensive actions
- Upgrade Open WebUI to version 0.9.3 or later to remediate the CSRF vulnerability in image upload functionality
- Review and validate all image URL inputs in self-hosted Open WebUI deployments to ensure proper sanitization
- Implement Content Security Policy (CSP) headers to mitigate impact of similar cross-site request vulnerabilities
- Monitor access logs for unusual GET request patterns originating from image rendering operations
- Assess user privilege levels and consider implementing additional authentication checks for sensitive operations
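The following validator illustrates the "review and validate all image URL inputs" action above: it accepts only inline base64 image data or an https URL on the deployment's own host, so a stored image URL can no longer point a viewer's browser at an arbitrary endpoint. This is an added example, not Open WebUI's own code; the allowlisted host `webui.example.internal` is an assumed placeholder.

```python
import base64
import re
from urllib.parse import urlparse

# Constructed policy for this example (not Open WebUI's own configuration): a stored
# image URL may only be an inline base64 data: URI of a known image type or an https
# URL on the deployment's own host; anything else would make every viewer's browser
# issue a GET to an endpoint chosen by whoever set the URL.
ALLOWED_IMAGE_HOSTS = {"webui.example.internal"}  # assumed deployment host
MAX_INLINE_IMAGE_BYTES = 2 * 1024 * 1024
_DATA_URI = re.compile(
    r"^data:(?P<mime>image/[a-z0-9.+-]+);base64,(?P<payload>[A-Za-z0-9+/=]+)$", re.I)
_MAGIC = {  # leading bytes of the inline image formats accepted
    "image/png": lambda b: b.startswith(b"\x89PNG\r\n\x1a\n"),
    "image/jpeg": lambda b: b.startswith(b"\xff\xd8\xff"),
    "image/gif": lambda b: b[:4] == b"GIF8",
    "image/webp": lambda b: b[:4] == b"RIFF" and b[8:12] == b"WEBP",
}


def validate_image_url(url: str) -> tuple[bool, str]:
    """Return (accepted, reason) for a user-supplied image URL."""
    if not isinstance(url, str) or not url.strip():
        return False, "empty"
    url = url.strip()
    if url[:5].lower() == "data:":
        m = _DATA_URI.match(url)
        if not m:
            return False, "data: URI must be a base64-encoded image/* body"
        mime = m.group("mime").lower()
        if mime not in _MAGIC:
            return False, f"unsupported inline image type {mime}"
        try:
            raw = base64.b64decode(m.group("payload"), validate=True)
        except ValueError:
            return False, "malformed base64 payload"
        if len(raw) > MAX_INLINE_IMAGE_BYTES or not _MAGIC[mime](raw):
            return False, "payload too large or not the declared image type"
        return True, "inline image accepted"
    parsed = urlparse(url)
    if parsed.scheme.lower() != "https":
        return False, "only https or data: image sources are allowed"
    if parsed.username is not None or parsed.password is not None:
        return False, "credentials in URL"
    host = (parsed.hostname or "").lower()
    if host not in ALLOWED_IMAGE_HOSTS:
        return False, f"host not allowlisted: {host or '(none)'}"
    return True, "same-deployment image URL accepted"
```

Run the check at upload time and again when the stored value is served, so a URL that slipped into the database before the fix is still refused.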
Evidence notes
CVE published 2026-05-15; modified 2026-05-18. Vendor advisory confirms exploitability and fix in 0.9.3. CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L. CWE-20 (Improper Input Validation) and CWE-352 (Cross-Site Request Forgery) identified.
Official resources
- CVE-2026-45317 CVE record (CVE.org)
- CVE-2026-45317 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Exploit, Mitigation, Vendor Advisory (2026-05-15)