{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/open-webui--0.9.5/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-56398"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open WebUI (\u003c 0.9.5)"],"_cs_severities":["high"],"_cs_tags":["xss","web-vulnerability","account-takeover","credential-access"],"_cs_type":"advisory","_cs_vendors":["Open WebUI"],"content_html":"\u003cp\u003eA significant stored cross-site scripting (XSS) vulnerability, tracked as CVE-2026-56398, affects Open WebUI versions prior to 0.9.5. This flaw resides within the OAuth authentication flow, specifically concerning the processing of user profile pictures. The core issue stems from the application inferring the MIME type of an uploaded image from its file extension rather than the more reliable Content-Type HTTP header. This misconfiguration allows malicious SVG files, which can contain embedded JavaScript, to bypass the profile image validator. Once a malicious SVG is stored, possibly as a data URI, any authenticated user visiting the profile or an endpoint rendering the image will receive attacker-controlled content. Crucially, this content is delivered with inline disposition and without essential security headers, facilitating the execution of arbitrary JavaScript within the victim's browser, leading to authentication token theft and potential account takeover.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access / Vulnerability Exploitation\u003c/strong\u003e: An attacker, leveraging an existing authenticated user account, identifies and targets the stored XSS vulnerability in Open WebUI's OAuth profile picture upload functionality (CVE-2026-56398).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMalicious Content Creation\u003c/strong\u003e: The attacker crafts a specially designed SVG file that includes malicious JavaScript code intended to exfiltrate authentication tokens from a victim's browser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBypass Validation\u003c/strong\u003e: The attacker uploads the malicious SVG file as their profile picture. Due to the vulnerability, Open WebUI incorrectly infers the SVG's MIME type from its file extension, allowing it to bypass the standard profile image validation checks.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePersistence\u003c/strong\u003e: The Open WebUI application successfully processes and stores the malicious SVG content, which may be converted into a data URI, permanently associating it with the attacker's user profile.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVictim Interaction\u003c/strong\u003e: Another authenticated user (the victim) browses to the attacker's profile page or any other application endpoint that dynamically renders or displays the attacker's profile image.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eClient-Side Execution\u003c/strong\u003e: The victim's web browser fetches and renders the attacker-controlled SVG content. Because the content is served without adequate security headers and with an inline disposition, the embedded malicious JavaScript executes within the victim's browser session, maintaining the same-origin context.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCredential Access\u003c/strong\u003e: The executing JavaScript is designed to access and exfiltrate sensitive authentication tokens (e.g., session cookies, JSON Web Tokens) from the victim's browser, transmitting them to an attacker-controlled server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAccount Takeover\u003c/strong\u003e: The attacker utilizes the stolen authentication tokens to hijack the victim's session, thereby gaining unauthorized control over their Open WebUI account and compromising their data and functionality.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-56398 leads to severe consequences, primarily focusing on credential theft and account takeover. Attackers can gain complete control over compromised Open WebUI accounts by stealing authentication tokens, which can then be used to access sensitive information, modify user data, or interact with the platform as the victim. The broad nature of stored XSS vulnerabilities means that any authenticated user viewing the attacker's profile can be affected, posing a significant risk to the user base of vulnerable Open WebUI instances. While specific victim counts are not available, the potential for widespread impact on user accounts is high, affecting the confidentiality, integrity, and availability of user data within the application.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-56398 by upgrading Open WebUI to version 0.9.5 or later immediately.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-15T12:22:17Z","date_published":"2026-07-15T12:22:17Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-webui-stored-xss/","summary":"Open WebUI before version 0.9.5 contains a high-severity stored cross-site scripting (XSS) vulnerability, CVE-2026-56398, in its OAuth authentication flow that allows an authenticated attacker to bypass profile image validation by uploading malicious SVG files, leading to script execution, authentication token theft, and ultimately account takeover for other authenticated users.","title":"Open WebUI Stored Cross-Site Scripting Vulnerability (CVE-2026-56398)","url":"https://feed.craftedsignal.io/briefs/2026-07-open-webui-stored-xss/"}],"language":"en","title":"CraftedSignal Threat Feed - Open WebUI (\u003c 0.9.5)","version":"https://jsonfeed.org/version/1.1"}