Vulnerabilities in open-webui

115 results
CVE-2026-54012 | HIGH | Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion | EPSS 0.2%
CVE-2026-26192 | HIGH | Open WebUI vulnerable to Stored XSS via iFrame in citations model | EPSS 0.2%
CVE-2025-65959 | HIGH | Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF' | EPSS 0.2%
CVE-2026-45365 | MEDIUM | Open WebUI: Authenticated users can bypass model access control via exposed query parameter | EPSS 0.2%
CVE-2026-44558 | MEDIUM | Open WebUI: Channel Access Grants Bypass filter_allowed_access_grants | EPSS 0.2%
CVE-2026-45347 | MEDIUM | Open WebUI: Blind server side request forgery (SSRF) via the PDF generate function | EPSS 0.2%
CVE-2026-45315 | HIGH | Open WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions | EPSS 0.2%
CVE-2026-54006 | MEDIUM | Open WebUI: Calendar event re-parenting allows writing events into another user's calendar | EPSS 0.2%
CVE-2026-44561 | MEDIUM | Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels | EPSS 0.2%
CVE-2026-54013 | HIGH | Open WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUI | EPSS 0.2%
CVE-2026-44568 | MEDIUM | Open WebUI: Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order | EPSS 0.2%
CVE-2026-54015 | MEDIUM | Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion | EPSS 0.2%
CVE-2026-45317 | MEDIUM | Open WebUI: Cross-Site Request Forgery (CSRF) via Image URL Manipulation | EPSS 0.2%
CVE-2026-45346 | MEDIUM | Open WebUI: Stored Cross-Site Scripting in SVG Renderer | EPSS 0.2%
CVE-2026-54007 | HIGH | Open WebUI: Cross-origin postMessage confirmation bypass via action:submit | EPSS 0.2%