Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-56398
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-15 Jul, 2026 | 11:25
Updated At-15 Jul, 2026 | 13:25
Rejected At-
▼CVE Numbering Authority (CNA)
Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs. Authenticated users who visit the profile image endpoint receive attacker-controlled SVG content with inline disposition and no default security headers, enabling script execution in the same origin to steal authentication tokens and achieve account takeover.

Affected Products
Vendor
open-webui
Product
open-webui
Default Status
unaffected
Versions
Affected
  • From 0 before 0.9.5 (semver)
Unaffected
  • 0.9.5 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-20Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
matte1782
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/open-webui/open-webui/security/advisories/GHSA-3wgj-c2hg-vm6q
vendor-advisory
https://www.vulncheck.com/advisories/open-webui-stored-cross-site-scripting-via-oauth-picture-claim-svg-data-uri
third-party-advisory
Hyperlink: https://github.com/open-webui/open-webui/security/advisories/GHSA-3wgj-c2hg-vm6q
Resource:
vendor-advisory
Hyperlink: https://www.vulncheck.com/advisories/open-webui-stored-cross-site-scripting-via-oauth-picture-claim-svg-data-uri
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found