Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: open-webui

Found 4 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-34222
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 week, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion 1 week, 1 day ago
  • @LeSuisse accepted 1 week, 1 day ago
  • @LeSuisse published on GitHub 1 week, 1 day ago
Open WebUI has Broken Access Control in Tool Valves

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11.

Affected products

open-webui
  • ==< 0.8.11

Matching in nixpkgs

Package maintainers

Advisory: https://github.com/open-webui/open-webui/security/advisories/GHSA-7429-hxcv-268m
Permalink CVE-2026-28788
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): LOW
updated 1 week, 6 days ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks ago
  • @LeSuisse accepted 1 week, 6 days ago
  • @LeSuisse published on GitHub 1 week, 6 days ago
Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `POST /api/v1/retrieval/process/files/batch` endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via `GET /api/v1/knowledge/{id}/files` and then overwrite those files, escalating from read to write. The overwritten content is served to the LLM via RAG, meaning the attacker controls what the model tells other users. Version 0.8.6 patches the issue.

Affected products

open-webui
  • ==< 0.8.6

Matching in nixpkgs

Package maintainers

Upstream advisory: https://github.com/open-webui/open-webui/security/advisories/GHSA-jjp7-g2jw-wh3j
Permalink CVE-2026-26193
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 3 weeks ago
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago
Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, aanually modifying chat history allows setting the `embeds` property on a response message, the content of which is loaded into an iFrame with a sandbox that has `allow-scripts` and `allow-same-origin` set, ignoring the "iframe Sandbox Allow Same Origin" configuration. This enables stored XSS on the affected chat. This also triggers when the chat is in the shared format. The result is a shareable link containing the payload that can be distributed to any other users on the instance. Version 0.6.44 fixes the issue.

Affected products

open-webui
  • ==< 0.6.44

Matching in nixpkgs

pkgs.open-webui

Comprehensive suite for LLMs with a user-friendly WebUI

Package maintainers

Upstream advisory: https://github.com/open-webui/open-webui/security/advisories/GHSA-vjm7-m4xh-7wrc
Upstream patch: https://github.com/open-webui/open-webui/blob/6f1486ffd0cb288d0e21f41845361924e0d742b3/src/lib/components/chat/Messages/ResponseMessage.svelte#L689-L703
Permalink CVE-2026-26192
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 3 weeks ago
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago
Open WebUI vulnerable to Stored XSS via iFrame in citations model

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, aanually modifying chat history allows setting the `html` property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML, and render them in an iFrame when the citation is previewed. This allows stored XSS via a weaponized document payload in a chat. The payload also executes when the citation is viewed on a shared chat. Version 0.7.0 fixes the issue.

Affected products

open-webui
  • ==< 0.7.0

Matching in nixpkgs

pkgs.open-webui

Comprehensive suite for LLMs with a user-friendly WebUI

Package maintainers

Upstream advisory: https://github.com/open-webui/open-webui/security/advisories/GHSA-xc8p-9rr6-97r2
Upstream patch: https://github.com/open-webui/open-webui/blob/6f1486ffd0cb288d0e21f41845361924e0d742b3/src/lib/components/chat/Messages/Citations/CitationModal.svelte#L163-L170