Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions data/vuln/open-webui/CVE-2025-46719.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
info:
name: openwebui
cve: CVE-2025-46719
summary: Open WebUI 存在存储型 XSS 漏洞,通过聊天消息中的 HTML 标签注入 JavaScript 代码。
details: |
Open WebUI 在 0.6.6 之前版本中,聊天消息渲染时对某些 HTML 标签处理不当,
攻击者可在聊天记录中注入 JavaScript 代码。该代码在用户每次打开该聊天记录时执行,
可窃取用户访问令牌并完全控制其账户。聊天记录可在同一服务器用户间共享,
若管理员启用了"Community Sharing"则可向整个社区传播。
若针对管理员用户利用此漏洞,可通过创建包含恶意 Python 代码的函数实现远程代码执行。
该漏洞还影响 openwebui.com 上的共享聊天记录,形成可蠕虫式传播的存储型 XSS。
该漏洞在 0.6.6 版本中修复。
cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
severity: MEDIUM
security_advise: |
1. 将 Open-WebUI 升级到 `0.6.6` 或更高版本。
2. 在管理员面板中禁用 "Enable Community Sharing" 功能,减少攻击面。
3. 对聊天消息中的 HTML 内容进行严格的输入清理,使用 DOMPurify 等库过滤危险标签。
4. 限制函数创建功能的权限,仅允许受信任的管理员创建自定义函数。
rule: version > "0" && version < "0.6.6"
references:
- https://github.com/open-webui/open-webui/security/advisories/GHSA-9f4f-jv96-8766
- https://nvd.nist.gov/vuln/detail/CVE-2025-46719
- https://github.com/open-webui/open-webui/commit/6fd082d55ffaf6eb226efdeebc7155e3693d2d01
- https://github.com/open-webui/open-webui
20 changes: 20 additions & 0 deletions data/vuln/open-webui/CVE-2026-45346.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
info:
name: openwebui
cve: CVE-2026-45346
summary: Open WebUI 的 SVG 渲染器存在存储型跨站脚本漏洞。
details: |
Open WebUI 在 0.6.31 之前版本中,SVG 渲染器实现存在跨站脚本漏洞。
攻击者可通过构造恶意 SVG 内容注入 JavaScript 代码,在用户浏览器中执行。
该漏洞可导致用户会话令牌窃取和账户接管。
该漏洞在 0.6.31 版本中修复。
cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
severity: MEDIUM
security_advise: |
1. 将 Open-WebUI 升级到 `0.6.31` 或更高版本。
2. 对 SVG 内容进行严格清理,移除其中的 <script> 标签和事件处理器属性。
3. 使用 CSP(Content Security Policy)限制内联脚本执行。
rule: version > "0" && version < "0.6.31"
references:
- https://github.com/open-webui/open-webui/security/advisories/GHSA-r29h-37fj-x2w6
- https://nvd.nist.gov/vuln/detail/CVE-2026-45346
- https://github.com/open-webui/open-webui
22 changes: 22 additions & 0 deletions data/vuln/open-webui/CVE-2026-54014.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
info:
name: openwebui
cve: CVE-2026-54014
summary: Open WebUI 缓存文件服务端点存在路径遍历漏洞,允许认证用户读取缓存目录之外的文件。
details: |
Open WebUI 在 0.9.6 之前版本中,缓存文件服务端点 serve_cache_file() 存在路径遍历漏洞。
该函数使用 file_path.startswith(os.path.abspath(CACHE_DIR)) 验证路径,
但未追加 os.sep 作为路径分隔符,导致任何解析为以 "cache" 开头的同级目录
(如 cache_sibling、cache_backup、cached_models)的路径均可通过验证。
已认证用户可利用此漏洞读取缓存目录同级目录中的任意文件。
该漏洞在 0.9.6 版本中修复。
cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
severity: MEDIUM
security_advise: |
1. 将 Open-WebUI 升级到 `0.9.6` 或更高版本。
2. 对文件路径验证使用严格的规范化比较,确保路径在目标目录之内。
3. 限制缓存文件服务端点的访问权限,仅允许必要的服务内部调用。
rule: version > "0" && version < "0.9.6"
references:
- https://github.com/open-webui/open-webui/security/advisories/GHSA-j2c8-v969-8r5c
- https://nvd.nist.gov/vuln/detail/CVE-2026-54014
- https://github.com/open-webui/open-webui
26 changes: 26 additions & 0 deletions data/vuln_en/open-webui/CVE-2025-46719.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
info:
name: openwebui
cve: CVE-2025-46719
summary: Open WebUI is vulnerable to stored XSS via HTML tags in chat messages, enabling session token theft and potential RCE.
details: |
Open WebUI prior to version 0.6.6 improperly handles certain HTML tags during chat message rendering,
allowing attackers to inject JavaScript code into chat records. This code executes every time a user
opens the affected chat record, enabling session token theft and full account takeover. Chat records
can be shared among users on the same server, and if an administrator has enabled "Community Sharing,"
the payload can spread to the entire community. When exploited against an administrator, this
vulnerability can lead to remote code execution via creation of functions containing malicious Python
code. The vulnerability also affects shared chat records on openwebui.com, enabling worm-like
propagation of the stored XSS. This was fixed in version 0.6.6.
cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
severity: MEDIUM
security_advise: |
1. Upgrade Open-WebUI to version `0.6.6` or later.
2. Disable the "Enable Community Sharing" feature in the admin panel to reduce the attack surface.
3. Apply strict input sanitization on HTML content in chat messages using libraries such as DOMPurify to filter dangerous tags.
4. Restrict function creation permissions to trusted administrators only.
rule: version > "0" && version < "0.6.6"
references:
- https://github.com/open-webui/open-webui/security/advisories/GHSA-9f4f-jv96-8766
- https://nvd.nist.gov/vuln/detail/CVE-2025-46719
- https://github.com/open-webui/open-webui/commit/6fd082d55ffaf6eb226efdeebc7155e3693d2d01
- https://github.com/open-webui/open-webui
20 changes: 20 additions & 0 deletions data/vuln_en/open-webui/CVE-2026-45346.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
info:
name: openwebui
cve: CVE-2026-45346
summary: Open WebUI SVG renderer is vulnerable to stored cross-site scripting.
details: |
Open WebUI prior to version 0.6.31 has a cross-site scripting vulnerability in its SVG renderer
implementation. Attackers can inject JavaScript code by crafting malicious SVG content, which
executes in the victim's browser. This can lead to session token theft and account takeover.
This was fixed in version 0.6.31.
cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
severity: MEDIUM
security_advise: |
1. Upgrade Open-WebUI to version `0.6.31` or later.
2. Sanitize SVG content strictly, removing <script> tags and event handler attributes.
3. Use CSP (Content Security Policy) to restrict inline script execution.
rule: version > "0" && version < "0.6.31"
references:
- https://github.com/open-webui/open-webui/security/advisories/GHSA-r29h-37fj-x2w6
- https://nvd.nist.gov/vuln/detail/CVE-2026-45346
- https://github.com/open-webui/open-webui
23 changes: 23 additions & 0 deletions data/vuln_en/open-webui/CVE-2026-54014.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
info:
name: openwebui
cve: CVE-2026-54014
summary: Open WebUI cache file serving endpoint is vulnerable to path traversal, allowing authenticated users to read files outside the cache directory.
details: |
Open WebUI prior to version 0.9.6 has a path traversal vulnerability in the cache file serving
endpoint serve_cache_file(). The function validates paths using
file_path.startswith(os.path.abspath(CACHE_DIR)) without appending os.sep as a path separator,
allowing any path that resolves to a sibling directory starting with "cache" (such as
cache_sibling, cache_backup, cached_models) to pass validation. Authenticated users can exploit
this to read arbitrary files in sibling directories of the cache directory.
This was fixed in version 0.9.6.
cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
severity: MEDIUM
security_advise: |
1. Upgrade Open-WebUI to version `0.9.6` or later.
2. Use strict canonicalization-based path comparison to ensure paths remain within the target directory.
3. Restrict access to the cache file serving endpoint, allowing only necessary internal service calls.
rule: version > "0" && version < "0.9.6"
references:
- https://github.com/open-webui/open-webui/security/advisories/GHSA-j2c8-v969-8r5c
- https://nvd.nist.gov/vuln/detail/CVE-2026-54014
- https://github.com/open-webui/open-webui
Loading