PT-2026-41170 · Unknown · Open-Webui
Published: 2026-05-09 · Updated: 2026-05-16 · CVE-2026-45317
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.3

Description: An application-wide Cross-Site Request Forgery (CSRF) issue exists in the image uploading functionality. An attacker can set an image URL to a malicious endpoint, causing any authenticated user who views the compromised image to unknowingly send a GET request to the attacker-controlled URL. This can be exploited through profile pictures, model pictures, and images within shared chats or notes. Potential consequences include cookie theft, denial of service (DoS), or other malicious actions performed on behalf of the victim. Technical exploitation involves the lack of input validation for image file types and the insecure display of images, where the application sends a GET request to unvalidated URLs. Affected endpoints include '/api/v1/chats/{chat id}', '/api/v1/notes/{note id}/update', '/api/v1/models/create', and '/api/v1/models/model/update'. Vulnerable parameters include profile image url and the url field within image file objects.

Recommendations: Update to version 0.9.3. As a temporary workaround, restrict the ability for users to provide external URLs for profile and model images, or disable the rendering of images in shared chats and notes until the update is applied.
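The workaround above amounts to server-side validation of every user-supplied image URL before it is stored and later rendered to other users. The following is an added example written for this entry, not Open WebUI's own code: it accepts only inline image data (a data: URI whose declared type is backed by the file's magic bytes) or a same-origin path under the file store, and rejects anything that would make a viewer's browser issue a GET to an external host unless that host is explicitly allowlisted. The field names profile_image_url and files[].url, the /api/v1/files/ path prefix, and the function names are assumptions for illustration; the sample payload is constructed.

```python
"""Validate user-supplied image URL fields so that viewing a stored image
never triggers a request to an attacker-chosen host.

Added example, not Open WebUI's own code. Field names, the file-store
path prefix and the allowlist parameter are assumptions for illustration.
"""
import base64
import re
from typing import Optional

from urllib.parse import urlsplit

# Image MIME types permitted inside data: URIs. SVG is excluded on purpose:
# it can embed script and external references of its own.
ALLOWED_DATA_MIME = {"image/png", "image/jpeg", "image/gif", "image/webp"}

# Leading bytes of each permitted type, checked so the declared MIME
# type cannot lie about the content.
MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
    "image/webp": b"RIFF",  # bytes 8..12 must additionally read "WEBP"
}

# Assumed same-origin prefix under which uploaded files are served.
FILE_STORE_PREFIX = "/api/v1/files/"

# Generous cap so a data: URI cannot be used to exhaust memory.
MAX_URL_LEN = 5 * 1024 * 1024

_DATA_RE = re.compile(
    r"^data:(?P<mime>[a-z0-9.+/-]+);base64,(?P<body>[A-Za-z0-9+/=\s]+)$", re.I
)


def _valid_data_uri(url: str) -> bool:
    """True only for a base64 data: URI of a permitted image type whose
    decoded prefix carries the matching magic bytes."""
    m = _DATA_RE.match(url)
    if not m:
        return False
    mime = m.group("mime").lower()
    if mime not in ALLOWED_DATA_MIME:
        return False
    body = re.sub(r"\s", "", m.group("body"))
    try:
        head = base64.b64decode(body[:64])  # 64 chars -> first 48 bytes
    except ValueError:  # covers binascii.Error (bad padding)
        return False
    if not head.startswith(MAGIC[mime]):
        return False
    if mime == "image/webp" and head[8:12] != b"WEBP":
        return False
    return True


def validate_image_url(url, allowed_hosts=frozenset()) -> Optional[str]:
    """Return a rejection reason, or None if the URL is safe to store.

    Accepted: empty string (clears the picture), a valid image data: URI,
    or a same-origin path under FILE_STORE_PREFIX. An absolute http(s)
    URL is accepted only when its host is in allowed_hosts.
    """
    if not isinstance(url, str) or len(url) > MAX_URL_LEN:
        return "not a string or too long"
    url = url.strip()
    if url == "":
        return None
    if url.lower().startswith("data:"):
        return None if _valid_data_uri(url) else "malformed or non-image data URI"
    parts = urlsplit(url)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: allow only a single-slash path into the file store.
        if url.startswith(FILE_STORE_PREFIX):
            return None
        return "relative path outside the file store"
    # Note: "//host/x" parses with an empty scheme but a non-empty netloc,
    # so it lands here and is treated as external.
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() in ("http", "https") and host and host in allowed_hosts:
        return None
    return f"external URL not permitted: {parts.scheme or 'unknown'}://{host}"


def find_rejected_image_urls(payload: dict, allowed_hosts=frozenset()):
    """Check the two kinds of field named in the advisory (assumed shape:
    a top-level profile_image_url and files[*].url for type == "image")
    and return [(field, reason), ...] for every value that must be refused."""
    problems = []
    url = payload.get("profile_image_url")
    if url is not None:
        reason = validate_image_url(url, allowed_hosts)
        if reason:
            problems.append(("profile_image_url", reason))
    for i, f in enumerate(payload.get("files") or []):
        if isinstance(f, dict) and f.get("type") == "image" and "url" in f:
            reason = validate_image_url(f["url"], allowed_hosts)
            if reason:
                problems.append((f"files[{i}].url", reason))
    return problems


# Constructed sample: PNG signature followed by padding, not a full image.
_PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_PNG_DATA_URI = "data:image/png;base64," + base64.b64encode(_PNG_BYTES).decode()

# Constructed request body mixing one acceptable and two external references.
SAMPLE_PAYLOAD = {
    "profile_image_url": "https://external.example/track.gif",
    "files": [
        {"type": "image", "url": SAMPLE_PNG_DATA_URI},
        {"type": "image", "url": "//external.example/p.png"},
    ],
}

if __name__ == "__main__":
    for field, reason in find_rejected_image_urls(SAMPLE_PAYLOAD):
        print(f"reject {field}: {reason}")
```

The check runs at every endpoint that writes these fields (the advisory lists the chat, note and model update paths), so a stored value can never point outside the origin; pairing it with a Content-Security-Policy img-src directive on the rendering side gives a second, browser-enforced layer for anything that slipped through before the fix.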

Tags: Exploit · Fix · DoS · CSRF · RCE

Weakness Enumeration

Related Identifiers: BDU:2026-07205 · CVE-2026-45317 · GHSA-J6W6-986J-2M2M

Affected Products: Open-Webui