PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56398 open-webui CVE debrief

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow. The picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs. Authenticated users who visit the profile image endpoint receive attacker-controlled SVG content with inline disposition and no default security headers, enabling script execution in the same origin to steal authentication tokens and achieve account takeover.

Vendor
open-webui
Product
Unknown
CVSS
HIGH 8.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-15
Original CVE updated
2026-07-16
Advisory published
2026-07-15
Advisory updated
2026-07-16

Who should care

Users of Open WebUI before version 0.9.5 should be aware of this vulnerability and take steps to mitigate it. This includes updating to version 0.9.5 or later, and verifying that profile image uploads are properly validated.

Technical summary

The vulnerability exists in the OAuth authentication flow of Open WebUI before 0.9.5. The picture claim URL MIME type is determined by file extension instead of the Content-Type header. This allows attackers to upload SVG files, which can be stored as data URIs, bypassing the profile image validator. When an authenticated user visits the profile image endpoint, they receive the attacker-controlled SVG content with inline disposition and without default security headers. This enables script execution in the same origin, allowing attackers to steal authentication tokens and take over accounts.

Defensive priority

High

Recommended defensive actions

  • Update Open WebUI to version 0.9.5 or later
  • Verify profile image uploads are properly validated
  • Monitor for suspicious profile image uploads and account activity
  • Implement additional security headers for profile image endpoint
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-15T12:18:02.870Z and was last modified on 2026-07-16T20:03:37.680Z. The NVD entry is currently Analyzed. Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs. Authenticated users who visit the profile image endpoint receive attacker-controlled SVG content with inline disposition and no default security headers, enabling script execution in the same origin to steal authentication tokens and achieve account takeover. Users and administrators should verify profile image uploads and validate that Open WebUI instances have been updated to version 0.9.5 or later.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T12:18:02.870Z and has not been modified since then. The NVD entry is currently Analyzed.