CVE-2026-26192

{"id": "CVE-2026-26192", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2026-02-19T20:25:42.290", "references": [{"url": "https://github.com/open-webui/open-webui/blob/6f1486ffd0cb288d0e21f41845361924e0d742b3/src/lib/components/chat/Messages/Citations/CitationModal.svelte#L163-L170", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-xc8p-9rr6-97r2", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, aanually modifying chat history allows setting the `html` property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML, and render them in an iFrame when the citation is previewed. This allows stored XSS via a weaponized document payload in a chat. The payload also executes when the citation is viewed on a shared chat. Version 0.7.0 fixes the issue."}, {"lang": "es", "value": "Open WebUI es una plataforma de inteligencia artificial autoalojada dise\u00f1ada para operar completamente sin conexi\u00f3n. Antes de la versi\u00f3n 0.7.0, la modificaci\u00f3n manual del historial de chat permite establecer la propiedad 'html' dentro de los metadatos del documento. Esto hace que el frontend entre en una ruta de c\u00f3digo que trata el contenido del documento como HTML y los renderiza en un iFrame cuando se previsualiza la cita. Esto permite XSS almacenado a trav\u00e9s de una carga \u00fatil de documento maliciosa en un chat. La carga \u00fatil tambi\u00e9n se ejecuta cuando se visualiza la cita en un chat compartido. La versi\u00f3n 0.7.0 soluciona el problema."}], "lastModified": "2026-02-20T20:17:25.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AE20317-BF77-4682-9CD1-719E5CAC3373", "versionEndExcluding": "0.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}