Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2632 articles · 174619 vulns · 37/41 feeds (7d)
← Back to list
7.6
CVE-2026-54013PATCHED
python · open-webui

Open WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUI

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but forgot to apply the same fix to model profile images. The ModelMeta class has no validate_profile_image_url field validator, and the model image serving endpoint has no MIME allowlist or nosniff header. Any authenticated user with workspace.models permission (enabled by default) can store a data:image/svg+xml;base64,... payload in a model's profile image and achieve full account takeover of anyone who navigates to the image URL. This vulnerability is fixed in 0.9.6.

Affected Products

VendorProductVersions
pythonopen-webui< 0.9.6

References

  • https://github.com/open-webui/open-webui/security/advisories/GHSA-v2qm-5wxj-qhj7(x_refsource_CONFIRM)

Related News (1 articles)

Tier C
VulDB19d ago
CVE-2026-54013 | open-webui Open WebUI up to 0.9.5 Model Image Serving Endpoint ModelMeta validate_profile_image_url cross site scripting (GHSA-v2qm-5wxj-qhj7)
→ No new info (linked only)
CVSS 3.17.6 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
CISA KEV❌ No
Actively exploited❌ No
Patch available
open-webui@0.9.6
CWECWE-79, CWE-116, CWE-693
PublishedJun 17, 2026
Last enriched19d agov2
Tags
GHSA-v2qm-5wxj-qhj7pip
Trending Score4
Source articles1
Independent1
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

NONECVE-2026-15308EXP
Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations
Trending: 67
MEDIUMCVE-2026-55380EXP
Pillow GdImageFile decompression bomb protection bypass
Trending: 25
MEDIUMCVE-2026-55798EXP
Pillow: WindowsViewer.get_command() OS command injection via unescaped shell path
Trending: 20
HIGHCVE-2026-54006
Open WebUI: Calendar event re-parenting allows writing events into another user's calendar
Trending: 4
HIGHCVE-2026-54010
Open WebUI: Forged chat-file link allows cross-user file read and deletion
Trending: 4

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 17, 2026
Discovered by ZDM
Jun 17, 2026
Updated: description, affectedVersions, severity, cvssEstimate
Jun 23, 2026
Patch Available
Jun 26, 2026

Version History

v2
Last enriched 19d ago
v2Tier C19d ago

Updated description with new technical details, changed affected versions to < 0.9.5, updated severity to MEDIUM, and noted that no exploit exists.

descriptionaffectedVersionsseveritycvssEstimate
via VulDB
v125d ago

Initial creation