CVE-2026-45346

UNKNOWN 0.0

Open WebUI: Stored Cross-Site Scripting in SVG Renderer

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.31, there is a Cross-Site Scripting vulnerability in Open WebUI SVG renderer implementation. This vulnerability is fixed in 0.6.31.

CWE	CWE-80
Vendor	open-webui
Product	open-webui
Published	May 15, 2026

Stay Ahead of the Next One

Get instant alerts for open-webui open-webui

Be the first to know when new unknown vulnerabilities affecting open-webui open-webui are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

open-webui / open-webui

< 0.6.31

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/open-webui/open-webui/security/advisories/GHSA-r29h-37fj-x2w6