PT-2026-20917 · Unknown · Open-Webui
Gg0H · Published 2026-02-19 · Updated 2026-03-18 · CVE-2026-26192

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.7.0

Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Before version 0.7.0, modifying chat history allows manipulation of the html property within document metadata. This causes the frontend to interpret the document contents as HTML and render them within an iframe when a citation is previewed, leading to stored cross-site scripting (XSS). The payload executes when the citation is viewed, including in shared chats. The issue involves a code path that is triggered when document contents are treated as HTML.

Recommendations: Update to version 0.7.0 or later.

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-26192
GHSA-XC8P-9RR6-97R2

Affected Products

Open-Webui