CVE-2025-46571: Stored Cross-Site Scripting (XSS) in Open WebUI
Vulnerability ID: CVE-2025-46571
CVSS Score: 5.4
Published: 2026-07-07
Open WebUI versions prior to 0.6.6 contain a stored cross-site scripting (XSS) vulnerability that allows low-privileged users to upload malicious HTML files containing arbitrary JavaScript. When viewed by an administrator, the executed script can abuse administrative APIs to register malicious functions, leading to remote code execution on the underlying server host.
TL;DR
A stored XSS vulnerability in Open WebUI allows low-privileged users to achieve remote code execution (RCE) by tricking an administrator into opening an uploaded HTML file, bypassing logical checks to register unauthorized backend functions.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-79
- Attack Vector: Network
- CVSS Score: 5.4 (Medium)
- EPSS Score: 0.003 (0.30%)
- Exploit Status: poc
- CISA KEV Status: Not Listed
Affected Systems
- Open WebUI
-
open-webui: < 0.6.6 (Fixed in:
0.6.6)
Code Analysis
Commit: ef2aeb7
Attempted authorization fix restricting HTML file serving to admin uploads, introducing a flawed logic check
Exploit Details
- GitHub Security Advisory: Initial disclosure and detail description of the XSS vulnerability
Mitigation Strategies
- Upgrade to Open WebUI version 0.6.6 or later
- Configure Content Security Policy (CSP) with restrictive sandbox directives
- Block requests for HTML files at the reverse proxy or WAF level
- Isolate user-uploaded files on a distinct sandbox origin
Remediation Steps:
- Identify all deployed Open WebUI instances and verify their running version.
- Apply the official update to version 0.6.6 or later using the deployment container tags.
- If immediate patching is not possible, apply a reverse proxy rule to filter requests to '/api/v1/files/*/content/html' containing HTML extensions.
- Monitor access logs for unauthorized attempts to access the HTML file content rendering endpoint.
References
Read the full report for CVE-2025-46571 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)