PT-2026-60119 · Openwebui · Open-Webui

Matte1782

·

Publicado

2026-07-15

·

Atualizado

2026-07-15

·

CVE-2026-56398

CVSS v3.1

7.3

Alta

VetorAV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs. Authenticated users who visit the profile image endpoint receive attacker-controlled SVG content with inline disposition and no default security headers, enabling script execution in the same origin to steal authentication tokens and achieve account takeover.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-56398

Produtos afetados

Open-Webui