{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T19:50:49.386","vulnerabilities":[{"cve":{"id":"CVE-2026-26193","sourceIdentifier":"security-advisories@github.com","published":"2026-02-19T20:25:42.453","lastModified":"2026-02-20T20:15:37.773","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, manually modifying chat history allows setting the `embeds` property on a response message, the content of which is loaded into an iFrame with a sandbox that has `allow-scripts` and `allow-same-origin` set, ignoring the \"iframe Sandbox Allow Same Origin\" configuration. This enables stored XSS on the affected chat. This also triggers when the chat is in the shared format. The result is a shareable link containing the payload that can be distributed to any other users on the instance. Version 0.6.44 fixes the issue."},{"lang":"es","value":"Open WebUI es una plataforma de inteligencia artificial autoalojada diseñada para operar totalmente fuera de línea. Antes de la versión 0.6.44, la modificación manual del historial de chat permite establecer la propiedad `embeds` en un mensaje de respuesta, cuyo contenido se carga en un iFrame con una sandbox que tiene `allow-scripts` y `allow-same-origin` configurados, ignorando la configuración 'iframe Sandbox Allow Same Origin'. Esto permite XSS almacenado en el chat afectado. Esto también se activa cuando el chat está en formato compartido. El resultado es un enlace compartible que contiene la carga útil que puede distribuirse a cualquier otro usuario de la instancia. La versión 0.6.44 soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.6.44","matchCriteriaId":"9B9073E6-F689-4A81-8912-A2A84C694572"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/blob/6f1486ffd0cb288d0e21f41845361924e0d742b3/src/lib/components/chat/Messages/ResponseMessage.svelte#L689-L703","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-vjm7-m4xh-7wrc","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}