CVE-2026-59214
Received Received - Intake

Stored XSS in Open WebUI via Pyodide HTTP Requests

Vulnerability report for CVE-2026-59214, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: GitHub, Inc.

Description

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue authenticated same-origin requests when a victim clicks Run, which can reach admin-only endpoints and execute server-side code through configured tools. This issue is fixed in version 0.10.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
open_webui open_webui 0.10.0
open_webui open_webui to 0.10.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-59214 is a vulnerability in Open WebUI that allows server-side remote code execution (RCE) through a flaw in how client-side Python code (using Pyodide) is executed in a same-origin web worker.

The vulnerability arises because Python code running in the victim's browser can issue authenticated same-origin requests using the victim's session cookie. An attacker can store a malicious payload in a shared chat message, and when a victim with sufficient permissions clicks "Run," this payload executes authenticated requests or creates server-side functions/tools that run arbitrary commands.

This requires the victim to interact by clicking "Run" and for Open WebUI to be configured to use Pyodide. The issue is fixed in version 0.10.0 by sandboxing Pyodide in an iframe with an opaque origin, preventing access to session cookies and cross-origin requests.

Impact Analysis

This vulnerability can lead to full server-side remote code execution if a privileged user (such as an admin) is tricked into running a malicious payload.

For less privileged users, it can allow arbitrary authenticated same-origin requests using their session, potentially exposing sensitive data or performing unauthorized actions.

The impact includes high confidentiality and integrity risks, as attackers can execute arbitrary commands on the server or perform unauthorized operations within the application.

Detection Guidance

Detection of this vulnerability involves monitoring for malicious payloads that exploit the Pyodide same-origin code execution flaw in Open WebUI. Since the attack requires a victim to click "Run" on a stored chat payload that issues authenticated same-origin requests, detection can focus on identifying unusual or unauthorized requests to admin-only endpoints or the creation of Functions/Tools with suspicious server-side Python code.

Network monitoring tools can be used to detect unexpected authenticated requests originating from user sessions, especially those targeting admin endpoints.

Specific commands or methods to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include upgrading Open WebUI to version 0.10.0 or later, where the vulnerability is fixed by running Pyodide in a sandboxed iframe with an opaque origin, preventing cross-origin requests and access to session cookies.

As a workaround, you can disable Pyodide code execution entirely or switch to a server-side code execution engine to prevent exploitation.

Compliance Impact

The vulnerability CVE-2026-59214 allows authenticated users to execute server-side code or make authenticated requests using the victim's session cookie, potentially leading to unauthorized access to sensitive data or administrative functions.

Such unauthorized access and potential data exposure could impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality and integrity.

However, the provided information does not explicitly discuss compliance implications or specific regulatory impacts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59214. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart