PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54013 open-webui CVE debrief

Open WebUI, a self-hosted AI platform, had an SVG cross-site scripting (XSS) vulnerability in model profile images prior to version 0.9.6. The ModelMeta class had no validator for the profile image URL, and the image serving endpoint enforced no MIME allowlist and sent no nosniff header. Authenticated users with the workspace.models permission could therefore store a malicious SVG image as a model profile image; a victim who navigated to that image would execute the attacker's script in the Open WebUI origin, which could lead to full account takeover. The vulnerability was patched in Open WebUI 0.9.6. Users should update to the latest version and confirm that their instance is securely configured.

Vendor: open-webui
Product: Unknown
CVSS: HIGH 7.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-26
Advisory published: 2026-06-23
Advisory updated: 2026-06-26

Who should care

Users of Open WebUI, especially administrators and anyone who grants the workspace.models permission, should be aware of this vulnerability and update to version 0.9.6 or later immediately. Users who have already updated should also verify that their instances are properly configured and secured.

Technical summary

Prior to version 0.9.6, Open WebUI had an SVG XSS vulnerability in model profile images. The ModelMeta class did not validate profile image URLs, and the image serving endpoint had neither a MIME allowlist nor a nosniff header, so a stored SVG was served with a type the browser would render as a document rather than as an inert image. This allowed authenticated users with the workspace.models permission to store malicious SVG images, and a victim who navigated to such an image could suffer full account takeover. The vulnerability was addressed in Open WebUI 0.9.6.

Defensive priority

High priority should be given to updating Open WebUI to version 0.9.6 or later. Additionally, users should verify that their instances are properly configured, ensure that workspace.models permission is only granted to trusted users, and monitor for any suspicious activity.

Recommended defensive actions

  • Update Open WebUI to version 0.9.6 or later
  • Verify proper configuration and security measures
  • Monitor for suspicious activity
  • Restrict workspace.models permission to trusted users
  • Implement additional security measures, such as validating user input and using secure image serving endpoints
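The technical summary names two missing controls (no profile image URL validator, and an image endpoint with no MIME allowlist or nosniff header), and the last recommended action asks for input validation and a secure image serving endpoint. The following is an added, self-contained Python example of those two controls written for this debrief; it is not Open WebUI's own code and does not reproduce the 0.9.6 patch. The function names, the allowlisted types, and the sample inputs are assumptions constructed for illustration.

```python
import base64
from urllib.parse import urlparse

# Raster types only: SVG is an XML document that browsers will script, so it is
# deliberately absent from the allowlist (assumption: the deployment needs no SVG avatars).
ALLOWED_IMAGE_TYPES = frozenset({"image/png", "image/jpeg", "image/gif", "image/webp"})

# Magic-byte signatures. A declared MIME type alone is attacker-controlled;
# the bytes themselves decide what we store and serve.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}


def sniff_image_type(data: bytes):
    """Return the raster MIME type implied by the leading bytes, or None."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return None


def validate_profile_image_url(url):
    """Validator for a model's profile image URL (the check the page says was missing).

    Accepts an empty value, an http(s) URL, or a base64 data: URL whose declared
    type is allowlisted AND whose bytes actually match that type.
    Returns (ok, reason).
    """
    if not url:
        return True, "empty"
    if url.startswith("data:"):
        header, sep, payload = url[5:].partition(",")
        if not sep:
            return False, "malformed data URL"
        mime, _, encoding = header.partition(";")
        mime = mime.strip().lower()
        if mime not in ALLOWED_IMAGE_TYPES:
            return False, f"disallowed media type {mime!r}"
        if encoding.strip().lower() != "base64":
            return False, "data URL must be base64"
        try:
            raw = base64.b64decode(payload, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            return False, "invalid base64"
        if sniff_image_type(raw) != mime:
            return False, "content does not match declared type"
        return True, "ok"
    parsed = urlparse(url)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return True, "ok"
    return False, f"unsupported scheme {parsed.scheme!r}"


def serve_stored_image(data: bytes):
    """Response for the image serving endpoint, as (status, headers, body).

    Content-Type comes from the bytes, never from what the uploader claimed,
    nosniff stops the browser from re-guessing it, and a sandboxing CSP makes
    the response inert even if a future allowlist change lets a scriptable
    type through.
    """
    mime = sniff_image_type(data)
    if mime is None:
        return 415, {}, b""
    headers = {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
        "Content-Disposition": "inline",
    }
    return 200, headers, data


# Constructed sample inputs: a truncated PNG header and a harmless, empty SVG.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"></svg>'


def data_url(mime: str, raw: bytes) -> str:
    return f"data:{mime};base64," + base64.b64encode(raw).decode()


if __name__ == "__main__":
    for label, url in [
        ("png", data_url("image/png", SAMPLE_PNG)),
        ("svg", data_url("image/svg+xml", SAMPLE_SVG)),
        ("svg mislabelled as png", data_url("image/png", SAMPLE_SVG)),
        ("https", "https://example.invalid/avatar.png"),
    ]:
        print(f"{label:>24}: {validate_profile_image_url(url)}")
    print("serve png:", serve_stored_image(SAMPLE_PNG)[:2])
    print("serve svg:", serve_stored_image(SAMPLE_SVG)[:2])
```

The two checks are independent on purpose: the URL validator keeps scriptable content out of storage, and the serving endpoint refuses to hand a browser anything it cannot positively identify as a raster image. Either one alone would have blocked the stored-SVG path this debrief describes; together they also cover images that reach storage by some other route.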

Evidence notes

CVE-2026-54013 was reported and patched in Open WebUI 0.9.6. The vulnerability allowed authenticated users with the workspace.models permission to store malicious SVG images, which could lead to full account takeover of any user who navigated to them. The patch addresses this issue, and users are advised to update to the latest version.

Official resources

This article was generated with AI assistance based on the supplied source corpus.