CVE-2026-26192

7.3 HIGH

📋 TL;DR

This stored cross-site scripting (XSS) vulnerability in Open WebUI allows attackers to inject malicious HTML into chat history metadata, which gets executed when users view citations. The payload executes both in private chats and when viewing shared chats. All users running Open WebUI versions before 0.7.0 are affected.

💻 Affected Systems

Products:
  • Open WebUI
Versions: All versions prior to 0.7.0
Operating Systems: All platforms running Open WebUI
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration and requires no special setup to be exploitable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, perform account takeover, deploy malware to users' systems, or pivot to internal network attacks through the compromised user's browser.

🟠

Likely Case

Attackers steal authentication tokens or session cookies to hijack user accounts, potentially accessing sensitive AI conversations and system data.

🟢

If Mitigated

With proper input validation and output encoding, the attack would fail to execute, limiting impact to failed exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to modify chat history metadata, which typically requires some level of access, but the actual XSS payload execution is straightforward once injected.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.7.0

Vendor Advisory: https://github.com/open-webui/open-webui/security/advisories/GHSA-xc8p-9rr6-97r2

Restart Required: Yes

Instructions:

1. Backup your Open WebUI configuration and data.
2. Stop the Open WebUI service.
3. Update to version 0.7.0 or later using your package manager or installation method.
4. Restart the Open WebUI service.
5. Verify the update was successful.

🔧 Temporary Workarounds

Disable chat sharing (applies to: all)

Prevent users from sharing chats to limit the attack surface.

Implement WAF rules (applies to: all)

Add web application firewall rules to block HTML injection patterns in chat metadata.

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to prevent script execution from untrusted sources
  • Monitor and audit chat history modifications for suspicious HTML content in metadata fields

🔍 How to Verify

Check if Vulnerable:

Check if your Open WebUI version is below 0.7.0 by examining the version in the web interface or configuration files

Check Version:

Check the web interface dashboard or examine package.json/version files in the installation directory

Verify Fix Applied:

After updating, verify the version shows 0.7.0 or higher and test that HTML content in chat metadata no longer renders as executable code

📡 Detection & Monitoring

Log Indicators:

  • Unusual chat metadata modifications
  • HTML or script tags in chat document metadata fields
  • Multiple failed citation preview attempts

Network Indicators:

  • Unexpected iframe loading from chat citations
  • External script loading triggered by chat interactions

SIEM Query:

source="openwebui" AND (metadata_modification OR html_content OR script_tag)
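The log indicators above boil down to one audit: scan citation metadata in stored chats for HTML tags, inline event handlers and javascript: URIs. The script below is an added example for that audit, not code from Open WebUI or from the advisory; the chat-export shape and the field names are assumptions, and the sample chat is constructed.

```python
import re

# Constructed sample in an assumed chat-export shape (not Open WebUI's real schema):
# assistant messages carry citation "sources" whose metadata is user-influenced.
SAMPLE_CHAT = {
    "id": "chat-1",
    "messages": [{
        "role": "assistant",
        "content": "See [1] and [2].",
        "sources": [
            {"document": ["plain text"],
             "metadata": [{"source": "notes.txt", "name": "Notes"}]},
            {"document": ["x"],
             "metadata": [{"source": "<script>alert(1)</script>", "name": "Bad"}]},
            {"document": ["y"],
             "metadata": [{"source": "javascript:void(0)", "name": "Link"}]},
        ],
    }],
}

# Patterns that indicate markup reaching a field that should be plain text.
HTML_PATTERNS = [
    ("html_tag", re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
]

def walk_strings(obj, path="$"):
    """Yield (json_path, value) for every string inside a nested dict/list."""
    if isinstance(obj, dict):
        for key, val in obj.items():
            yield from walk_strings(val, f"{path}.{key}")
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            yield from walk_strings(val, f"{path}[{i}]")
    elif isinstance(obj, str):
        yield path, obj

def find_html_in_metadata(chat):
    """Return one finding per metadata field holding a tag, handler or javascript: URI."""
    findings = []
    for path, value in walk_strings(chat):
        if ".metadata" not in path:  # only citation metadata, not message text
            continue
        for kind, pattern in HTML_PATTERNS:
            match = pattern.search(value)
            if match:
                findings.append({"path": path, "kind": kind, "match": match.group(0)})
                break  # one finding per field is enough for triage
    return findings
```

Run it over exported chats and feed the JSON paths it returns into your SIEM alongside the query above; the patterns are deliberately broad, so review hits rather than auto-blocking on them.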
