Critical Open WebUI Vulnerability Lets Attackers Achieve RCE via File Upload

Jennifer sherman
May 12, 2026

Key Takeaways

  • A critical, unpatched vulnerability in Open WebUI allows for one-click Remote Code Execution (RCE) or account takeover.
  • The flaw, tracked as a Stored Cross-Site Scripting (XSS), resides in the platform’s profile image upload functionality.
  • Attackers can exploit this by uploading a malicious SVG file containing a JavaScript payload.
  • All versions of Open WebUI up to and including 0.7.2 are affected.
  • No official patch is available, and a Proof of Concept (PoC) exploit has been publicly disclosed.

Unpatched Open WebUI Flaw Enables One-Click RCE and Account Takeover

A severe security vulnerability in the Open WebUI platform, currently without an official patch, exposes users to one-click remote code execution (RCE) or complete account hijacking. This critical flaw allows attackers to compromise AI workspaces, potentially leading to the theft of sensitive chat histories and unauthorized access.

Security researcher Metin Yunus Kandemir identified the vulnerability, which stems from a Stored Cross-Site Scripting (XSS) defect within Open WebUI’s profile picture upload mechanism. The researcher’s attempts to responsibly disclose the issue were reportedly dismissed by the developers, which led to the public release of exploit code and left users exposed to potential attacks.

Technical Details of the Vulnerability

The core of the vulnerability lies in the way Open WebUI processes uploaded user profile images. Specifically, the /backend/open_webui/routers/users.py file, responsible for handling image data, lacks adequate restrictions on the types of media files users can upload. Instead of enforcing standard image formats like JPEG or PNG, the system permits the upload of malicious SVG files.

These specially crafted SVG files can contain Base64-encoded JavaScript payloads. Critically, the application serves these files with an “inline” content disposition. Rather than prompting the browser to download the SVG as a separate file, this setting tells the browser to render it directly. As a result, when a victim navigates to the link of a malicious profile image, their web browser immediately executes the embedded JavaScript, triggering the attack.

Impact Based on User Privileges

The severity of an attack leveraging this vulnerability varies significantly depending on the victim’s role and permissions within the Open WebUI environment:

  • Administrators: If an administrator or a user with workspace management privileges clicks on a link to a malicious image, the attacker achieves one-click Remote Code Execution (RCE). The embedded JavaScript silently leverages the application’s API to create a rogue tool, establishing a persistent backdoor into the system.
  • Standard Users: For regular users, clicking the malicious link results in an Account Takeover (ATO). The script covertly extracts the user’s authentication tokens from their browser storage and exfiltrates their entire chat history to an external server.

The attack requires no further authentication if the victim is already logged into Open WebUI, executing instantly in the background.

Disclosure Timeline and Current Status

This zero-day vulnerability affects Open WebUI versions up to and including 0.7.2. Metin Yunus Kandemir initially reported the issue to the vendor on March 10, 2026. However, on May 6, 2026, the Open WebUI team closed the report, citing it as a duplicate and referencing an unspecified security advisory. They informed the researcher, identified as UseHacker, that the vulnerability report would not receive official recognition.

According to UseHacker, Kandemir publicly released the full Proof of Concept (PoC) for the exploit on May 8, 2026, believing the vendor’s response constituted a breach of responsible disclosure protocols. As of now, no official patch has been released, leaving organizations utilizing Open WebUI to implement manual mitigations.

What You Should Do

Given the absence of an official patch, organizations and individual users of Open WebUI must take immediate action to protect their environments:

  • Restrict File Types: Administrators should modify the backend code to enforce a strict allowlist for the media_type variable. Only secure image formats such as image/png, image/jpeg, image/gif, and image/webp should be permitted. It is crucial to explicitly block image/svg+xml.
  • Exercise Caution with Links: Until an official patch is deployed, users must remain extremely vigilant. Avoid clicking on any unexpected or suspicious links that redirect to the Open WebUI application, particularly URLs containing segments like /profile/image or /auth?redirect=.
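The two mitigations the technical section and the recommendations above point at, an allowlist on the uploaded media type and refusing to serve user-supplied files inline, are shown together below. This is an added example written for this article, not Open WebUI’s own code; the function names, the `RejectedUpload` exception and the sample byte strings are assumptions constructed for illustration. It goes slightly beyond the article’s allowlist by also checking the file’s leading bytes, because a client can declare any `Content-Type` it likes, and by emitting response headers that keep the browser from executing anything even if an unexpected file type is ever served.

```python
"""Hardening a profile-image upload path (added example, not Open WebUI code).

Three layers are shown:
  1. an allowlist on the declared media type (image/svg+xml deliberately absent),
  2. magic-byte sniffing so a spoofed Content-Type cannot smuggle SVG/XML through,
  3. response headers that serve user files as attachments, never inline.
"""
import re
from typing import Dict, Optional, Tuple

# Raster formats recommended by the article. SVG is XML and may carry <script>
# or event handlers, so it is intentionally not in this set.
ALLOWED_IMAGE_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}

# Leading bytes each allowed type must start with (WebP is checked separately).
_MAGIC = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}


class RejectedUpload(ValueError):
    """Raised when an upload fails validation (assumed name)."""


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the media type implied by the file's leading bytes, or None."""
    for media_type, prefixes in _MAGIC.items():
        if any(data.startswith(p) for p in prefixes):
            return media_type
    # WebP: RIFF container with the "WEBP" form type at offset 8.
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return None


def validate_profile_image(declared_type: str, data: bytes) -> str:
    """Accept only allowlisted raster images whose bytes agree with the declared type."""
    media_type = declared_type.split(";")[0].strip().lower()
    if media_type not in ALLOWED_IMAGE_TYPES:
        raise RejectedUpload(f"media type not allowed: {media_type}")
    if sniff_image_type(data) != media_type:
        raise RejectedUpload(f"content does not match declared type {media_type}")
    # Defence in depth: markup must never appear at the head of a raster image.
    head = data[:512].lstrip().lower()
    if head.startswith(b"<?xml") or head.startswith(b"<svg"):
        raise RejectedUpload("markup detected in image payload")
    return media_type


def check_upload(declared_type: str, data: bytes) -> Tuple[bool, str]:
    """Convenience wrapper: (accepted, media type or rejection reason)."""
    try:
        return True, validate_profile_image(declared_type, data)
    except RejectedUpload as exc:
        return False, str(exc)


def serving_headers(media_type: str, filename: str) -> Dict[str, str]:
    """Headers for serving a user-supplied file.

    'attachment' instead of 'inline' means the browser offers a download rather
    than rendering the file in the application's origin; nosniff stops the browser
    from second-guessing the type; the CSP forbids script execution if the file is
    ever rendered anyway. The filename is sanitised to keep it header-safe.
    """
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download"
    return {
        "Content-Type": media_type,
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample inputs (headers only, not real images).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
WEBP_SAMPLE = b"RIFF\x00\x00\x00\x00WEBPVP8 " + b"\x00" * 8
SVG_SAMPLE = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>'


if __name__ == "__main__":
    print(check_upload("image/png", PNG_SAMPLE))        # accepted
    print(check_upload("image/svg+xml", SVG_SAMPLE))    # rejected by allowlist
    print(check_upload("image/png", SVG_SAMPLE))        # rejected by sniffing
    print(serving_headers("image/png", "avatar.png"))
```

The third call is the case the allowlist alone does not cover: an SVG declared as `image/png` passes a check that looks only at the `media_type` string, so the byte-level check is what actually keeps markup out of the image store.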
