Cyber Web Spider Blog – News
Critical Open WebUI Flaw Enables Easy RCE Attacks

Posted on May 12, 2026 By CWS

A significant security vulnerability in Open WebUI remains unpatched, posing a serious threat to AI workspaces. This flaw enables attackers to execute remote code, potentially hijacking accounts and accessing sensitive chat histories with just a single click.

Discovery of the Vulnerability

Security researcher Metin Yunus Kandemir identified the flaw, which is rooted in a Stored Cross-Site Scripting (XSS) issue within the platform’s profile image upload feature. Despite the findings, developers have not acknowledged the vulnerability, leading to the exploit code being made public.

The vulnerability arises from inadequate restrictions on media types during image uploads in the Open WebUI application. Specifically, an attacker can upload a malicious SVG file containing a Base64-encoded JavaScript payload; because of the way the application handles the uploaded content, the victim's browser executes that script when it renders the file.

Impact on Different User Levels

The severity of this exploit varies based on the user’s permission level within the Open WebUI environment. If an administrator or user with high privileges encounters the malicious image link, the attacker can achieve 1-Click Remote Code Execution (RCE), creating a backdoor via the API.

Standard users are not immune, as the script can trigger an Account Takeover (ATO) by extracting authentication tokens and chat history, sending this data to an external server. This attack occurs without additional authentication if the user is already logged in.

Response and Mitigation Measures

This zero-day vulnerability persists in Open WebUI version 0.7.2, initially reported on March 10, 2026. However, the Open WebUI team dismissed the report as a duplicate on May 6, 2026, without providing an official fix, prompting Kandemir to publish the Proof of Concept (PoC) on May 8, 2026.

Organizations using Open WebUI are advised to implement manual defenses, including restricting file types to safe formats like JPEG and PNG while blocking SVG files. Users should be cautious of suspicious links, especially those directing to the Open WebUI application.
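The following is an added example, not Open WebUI's own code, of the allow-list defence described above: profile image uploads are accepted only when their bytes are actually JPEG or PNG, so an SVG cannot slip through by declaring an image Content-Type or a .png extension. The sample inputs are constructed here, and the weak/hardened function names are hypothetical.

```python
import re
from typing import Optional, Tuple

# Magic bytes for the only two formats the advisory recommends allowing.
ALLOWED_MAGIC = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
}
# SVG is XML: the root tag may follow a BOM, whitespace, an XML declaration or a DOCTYPE.
_SVG_HINT = re.compile(rb"<\s*(\?xml|!doctype\s+svg|svg\b)", re.IGNORECASE)
# Markers of active content in SVG, used only to enrich the log line; rejection never depends on them.
_ACTIVE_SVG = re.compile(rb"<\s*script\b|\son[a-z]+\s*=|javascript:", re.IGNORECASE)

# Constructed samples (not from the advisory): a minimal PNG header and an SVG disguised as .png.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SVG_AS_PNG = (b'<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg" '
                     b'onload="/* constructed */"><script>/* constructed */</script></svg>')


def sniff_image(data: bytes) -> Optional[str]:
    """Identify JPEG/PNG by magic bytes; anything else returns None."""
    for magic, mime in ALLOWED_MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def weak_check(declared_type: str, filename: str) -> bool:
    """The pattern that fails: trusts client-supplied Content-Type and file extension only."""
    return declared_type.startswith("image/") or filename.lower().endswith((".png", ".jpg", ".jpeg"))


def validate_profile_image(data: bytes, declared_type: str, filename: str) -> Tuple[bool, str]:
    """Hardened check: accept only bytes that really are JPEG or PNG.
    Returns (accepted, detail); detail is a log-ready reason, including a tampering
    hint when the client-declared type disagrees with the actual content."""
    real = sniff_image(data)
    if real is None:
        head = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n")
        if _SVG_HINT.search(head):
            reason = f"rejected SVG upload ({filename})"
            if _ACTIVE_SVG.search(data):
                reason += ": contains script/event handler"
            return False, reason
        return False, f"rejected unsupported format ({filename})"
    if declared_type != real:
        return True, f"accepted {real} but client declared {declared_type} ({filename})"
    return True, f"accepted {real}"
```

Logging the detail string on every rejection gives a simple detection signal: repeated SVG uploads against the profile image endpoint are worth alerting on while the platform remains unpatched.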

The absence of an official patch necessitates vigilant monitoring and proactive security measures to safeguard environments using Open WebUI.

Category: Cyber Security News. Tags: cyber threat, Cybersecurity, data breach, Open WebUI, RCE attack, remote code execution, security flaw, security patch, Vulnerability, XSS flaw