CVE-2026-26193
Received Received - Intake
Stored XSS in Open WebUI Chat via Unsafe iFrame Embeds

Publication date: 2026-02-19

Last updated on: 2026-02-20

Assigner: GitHub, Inc.

Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, aanually modifying chat history allows setting the `embeds` property on a response message, the content of which is loaded into an iFrame with a sandbox that has `allow-scripts` and `allow-same-origin` set, ignoring the "iframe Sandbox Allow Same Origin" configuration. This enables stored XSS on the affected chat. This also triggers when the chat is in the shared format. The result is a shareable link containing the payload that can be distributed to any other users on the instance. Version 0.6.44 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-20
Generated
2026-06-16
AI Q&A
2026-02-19
EPSS Evaluated
2026-06-14
NVD
CVE-2026-26193
EUVD
EUVD-2026-7981
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openwebui open_webui to 0.6.44 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Open WebUI versions prior to 0.6.44. It allows an attacker to manually modify the chat history to set the 'embeds' property on a response message. The content of this property is loaded into an iFrame with a sandbox that includes 'allow-scripts' and 'allow-same-origin' permissions, ignoring the intended iframe sandbox configuration. This enables a stored cross-site scripting (XSS) attack on the affected chat.

The vulnerability also triggers when the chat is in a shared format, resulting in a shareable link that contains the malicious payload. This link can be distributed to other users on the same instance, potentially compromising their security.

The issue was fixed in version 0.6.44 of Open WebUI.

Impact Analysis

This vulnerability can lead to stored cross-site scripting (XSS) attacks, which may allow an attacker to execute malicious scripts in the context of other users on the same Open WebUI instance.

Because the malicious payload can be embedded in a shareable link, other users who open the link may have their sessions compromised, potentially leading to unauthorized access to sensitive information or actions performed on their behalf.

The CVSS score of 7.3 indicates a high severity, with impacts including high confidentiality and integrity loss, though no impact on availability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Open WebUI to version 0.6.44 or later, as this version fixes the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26193. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart