Critical Open WebUI Flaw Enables Easy RCE Attacks

Posted on May 12, 2026 By CWS

A stored cross-site scripting (XSS) vulnerability in Open WebUI remains unpatched, putting AI workspaces built on it at risk. An attacker who gets a victim to open a single crafted link can run script in the victim's session, hijack the account, read chat histories and, when the victim is an administrator, escalate to remote code execution on the server.

Discovery of the Vulnerability

Security researcher Metin Yunus Kandemir identified the flaw, a stored XSS issue in the platform's profile image upload feature. The maintainers have not accepted the report as a valid new issue, and the exploit code has since been made public.

The root cause is inadequate restriction of media types on image upload: the application accepts SVG files as profile images. SVG is XML and can carry JavaScript, so an attacker can upload an SVG whose script holds a Base64-encoded payload. Because the file is stored and served by the Open WebUI application itself, a browser that opens the image link directly executes that script inside the victim's Open WebUI session rather than rendering a harmless picture. (An SVG embedded with an img tag does not run script; the attack needs the victim to navigate to the uploaded file, which is why a single click is enough.)

Impact on Different User Levels

The impact depends on the victim's permission level in the Open WebUI environment. If an administrator, or another user with elevated privileges, opens the malicious image link, the script runs with that user's session and can use the application's API to plant a backdoor, giving the attacker 1-click remote code execution (RCE).

Standard users are not immune: the script can perform an account takeover (ATO) by reading the victim's authentication token and chat history and sending them to an attacker-controlled server. No further authentication is needed, because the script runs under the session the victim is already logged in with.

Response and Mitigation Measures

The flaw is still present in Open WebUI version 0.7.2 and is effectively a zero-day: Kandemir reported it on March 10, 2026, the Open WebUI team closed the report as a duplicate on May 6, 2026 without shipping a fix, and Kandemir published the proof of concept (PoC) on May 8, 2026.

Organizations running Open WebUI are advised to apply their own defenses in the meantime: restrict profile image uploads to raster formats such as JPEG and PNG and reject SVG outright. That check should be made on the file's actual content (its magic bytes), not on the filename extension or the client-supplied Content-Type, since both are under the attacker's control. Users should treat unsolicited links into the Open WebUI application with suspicion, especially links that point at uploaded files.
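The following is an added example and not code from Open WebUI or from the researcher's PoC. It shows the two defensive tasks the article leaves to operators: an accept-list validator for profile image uploads that decides by content sniffing rather than by extension or declared Content-Type (so an SVG renamed to .png or sent with image/png is still rejected), and a scanner that flags SVG files already sitting in an upload store whose content would execute when a browser opens them directly. Every function name, the size cap and the sample inputs are assumptions for illustration; the sample SVG is constructed here and carries only a console.log, not the published payload.

```python
"""Added example (not Open WebUI's own code).

Defensive handling for profile image uploads: accept only raster formats,
decided from the bytes themselves, and scan existing SVG uploads for active
content. Names, the size cap and the samples are illustrative assumptions.
"""
import base64
import re
from typing import Optional

# Magic bytes for the raster formats we are willing to store. An upload that
# does not start with one of these is rejected, whatever its filename or the
# Content-Type header the client sent.
_RASTER_SIGNATURES = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
MAX_AVATAR_BYTES = 2 * 1024 * 1024  # hypothetical size cap


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the leading bytes, or None if the
    data is not one of the accepted raster formats (SVG is text, so it
    never matches)."""
    for mime, sigs in _RASTER_SIGNATURES.items():
        if any(data.startswith(s) for s in sigs):
            return mime
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":  # RIFF....WEBP
        return "image/webp"
    return None


def validate_avatar_upload(data: bytes, declared_type: str) -> str:
    """Accept-list check for an avatar upload. Returns the MIME type the
    server should store and later serve; raises ValueError otherwise.
    The declared Content-Type is untrusted input: it must agree with the
    sniffed bytes and is never used on its own."""
    if len(data) > MAX_AVATAR_BYTES:
        raise ValueError("avatar too large")
    sniffed = sniff_image_type(data)
    if sniffed is None:
        raise ValueError("not a supported raster image; SVG and other text formats are rejected")
    if declared_type.split(";")[0].strip().lower() != sniffed:
        raise ValueError(f"declared {declared_type!r} does not match content {sniffed!r}")
    return sniffed


def rejects(data: bytes, declared_type: str) -> bool:
    """True if the validator refuses this upload (convenience for callers)."""
    try:
        validate_avatar_upload(data, declared_type)
    except ValueError:
        return True
    return False


# Things that make an SVG dangerous when a browser navigates to it directly
# from the application's origin. Heuristic on purpose: it errs toward flagging.
_ACTIVE_SVG = re.compile(
    rb"<script\b"               # inline or external script
    rb"|\son[a-z]+\s*="         # event handlers such as onload=
    rb"|javascript\s*:"         # javascript: URLs in href / xlink:href
    rb"|<foreignObject\b"       # embedded HTML
    rb"|<iframe\b|<embed\b|<object\b",
    re.IGNORECASE,
)
_BASE64_BLOB = re.compile(rb"atob\s*\(|base64,")


def looks_like_svg(data: bytes) -> bool:
    """Cheap check for an SVG document regardless of its stored extension."""
    lowered = data.lstrip().lower()
    return lowered.startswith(b"<svg") or (lowered.startswith(b"<?xml") and b"<svg" in lowered)


def svg_findings(data: bytes) -> list[str]:
    """Return the reasons a stored SVG should be quarantined, in document
    order (empty list if none). A Base64 blob on its own is not executable,
    but it is how the article describes the payload being packaged, so it is
    reported too so a reviewer decodes it."""
    findings = [m.group(0).decode("ascii", "replace").strip() for m in _ACTIVE_SVG.finditer(data)]
    if _BASE64_BLOB.search(data):
        findings.append("base64 payload")
    return findings


# Constructed samples for illustration: a minimal PNG header padded with zeros,
# and an SVG whose onload handler decodes and evaluates a Base64 string.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
_ENCODED = base64.b64encode(b"console.log('script would run here')").decode()
SAMPLE_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="eval(atob(\'' + _ENCODED.encode() + b'\'))">'
    b"<script>/* second vector */</script></svg>"
)
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="1"/></svg>'

if __name__ == "__main__":
    print(validate_avatar_upload(SAMPLE_PNG, "image/png"))
    print(rejects(SAMPLE_SVG, "image/png"), rejects(SAMPLE_SVG, "image/svg+xml"))
    print(svg_findings(SAMPLE_SVG), svg_findings(BENIGN_SVG))
```

For SVGs that are already stored and cannot be deleted immediately, the standard hardening (general practice, not something the article specifies) is to serve the upload path with Content-Disposition: attachment and a restrictive Content-Security-Policy such as sandbox or default-src 'none', or to host uploads on a separate origin, so that even if a script-bearing SVG is opened directly it does not run with the application's session.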

Until an official patch ships, environments running Open WebUI need active monitoring of the upload path and of who opens stored files, together with the proactive hardening above.

Category: Cyber Security News. Tags: cyber threat, Cybersecurity, data breach, Open WebUI, RCE attack, remote code execution, security flaw, security patch, Vulnerability, XSS flaw
