CVE-2026-45346
Open WebUI: Stored Cross-Site Scripting in SVG Renderer
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.31, there is a Cross-Site Scripting vulnerability in Open WebUI SVG renderer implementation. This vulnerability is fixed in 0.6.31.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
open-webui · open-webuiWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →