PatchSiren cyber security CVE debrief
CVE-2026-56398 open-webui CVE debrief
Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow. The picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs. Authenticated users who visit the profile image endpoint receive attacker-controlled SVG content with inline disposition and no default security headers, enabling script execution in the same origin to steal authentication tokens and achieve account takeover.
- Vendor
- open-webui
- Product
- Unknown
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-15
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-15
- Advisory updated
- 2026-07-16
Who should care
Users of Open WebUI before version 0.9.5 should be aware of this vulnerability and take steps to mitigate it. This includes updating to version 0.9.5 or later, and verifying that profile image uploads are properly validated.
Technical summary
The vulnerability exists in the OAuth authentication flow of Open WebUI before 0.9.5. The picture claim URL MIME type is determined by file extension instead of the Content-Type header. This allows attackers to upload SVG files, which can be stored as data URIs, bypassing the profile image validator. When an authenticated user visits the profile image endpoint, they receive the attacker-controlled SVG content with inline disposition and without default security headers. This enables script execution in the same origin, allowing attackers to steal authentication tokens and take over accounts.
Defensive priority
High
Recommended defensive actions
- Update Open WebUI to version 0.9.5 or later
- Verify profile image uploads are properly validated
- Monitor for suspicious profile image uploads and account activity
- Implement additional security headers for profile image endpoint
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-15T12:18:02.870Z and was last modified on 2026-07-16T20:03:37.680Z. The NVD entry is currently Analyzed. Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs. Authenticated users who visit the profile image endpoint receive attacker-controlled SVG content with inline disposition and no default security headers, enabling script execution in the same origin to steal authentication tokens and achieve account takeover. Users and administrators should verify profile image uploads and validate that Open WebUI instances have been updated to version 0.9.5 or later.
Official resources
-
CVE-2026-56398 CVE record
CVE.org
-
CVE-2026-56398 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T12:18:02.870Z and has not been modified since then. The NVD entry is currently Analyzed.