DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-26192: CVE-2026-26192: Stored Cross-Site Scripting via Insecure Iframe Sandbox in Open WebUI

CVE-2026-26192: Stored Cross-Site Scripting via Insecure Iframe Sandbox in Open WebUI

Vulnerability ID: CVE-2026-26192
CVSS Score: 7.3
Published: 2026-07-07

CVE-2026-26192 is a high-severity Stored Cross-Site Scripting (XSS) vulnerability in Open WebUI prior to version 0.7.0. Authenticated users can modify chat history metadata to force document citations to render inside an HTML iframe configured with an insecure sandbox policy. By combining 'allow-scripts' and 'allow-same-origin', the sandbox boundary is neutralized. This allows scripts executing within the iframe to access the parent window's DOM, extract sensitive Web UI local storage keys (such as authentication JWTs), and perform state-changing actions on behalf of other users, including administrators.

TL;DR

A Stored XSS vulnerability in Open WebUI (pre-0.7.0) allows low-privileged users to hijack administrator sessions via manipulated chat history citations rendered inside an insecurely sandboxed iframe.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-79
  • Attack Vector: Network (AV:N)
  • CVSS Score: 7.3 (High)
  • EPSS Score: 0.00194
  • Exploit Status: Proof of Concept (PoC) available
  • KEV Status: Not listed on CISA KEV

Affected Systems

  • Open WebUI prior to version 0.7.0
  • open-webui: < 0.7.0 (Fixed in: 0.7.0)

Exploit Details

  • GitHub Security Advisory: Technical writeup detailing stored XSS via iframe configurations inside Open WebUI citations modal.

Mitigation Strategies

  • Upgrade Open WebUI to version 0.7.0 or higher immediately.
  • Verify that iframeSandboxAllowSameOrigin is set to false in the application configuration.
  • Limit or monitor the generation of public 'Shared Chats' within the enterprise workspace.

Remediation Steps:

  1. Identify active Open WebUI deployment containers.
  2. Fetch the patched image using 'docker pull ghcr.io/open-webui/open-webui:main' or the specific tag 'v0.7.0'.
  3. Rebuild and restart the container setup to load the new frontend assets.
  4. Confirm that citation previews execute without same-origin privileges by checking the browser development console for DOM Exception restrictions.

References


Read the full report for CVE-2026-26192 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)