CVEFinder.io

CVE-2026-54011

⚠️ high
πŸ” Scan for this CVE
Summary

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with securityLevel: 'loose', attacker-controlled Mermaid content can be rendered unsafely in this flow. A working payload was validated through the Markdown preview path, resulting in JavaScript execution in the vict

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with securityLevel: 'loose', attacker-controlled Mermaid content can be rendered unsafely in this flow. A working payload was validated through the Markdown preview path, resulting in JavaScript execution in the victim’s browser under the application origin. This vulnerability is fixed in 0.9.6.

CVSS Score
8.7
High
EPSS Score
0.3
Exploit Probability
Published Date
2026-06-23
First Seen: 2026-06-25
πŸ“Š Relative Risk Intelligence

This CVE is High Risk - more severe than 81.1% of all 329,778 vulnerabilities in our database.

#62,395
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jun 23, 2026
πŸ” Exploitation Status
Poc
Proof-of-concept available
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-06-25
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
CWE IDs (Weakness Types)
CWE-79

πŸ“¦ Affected Products 1

Vendor Product Status Affected Versions
openwebui open_webui Affected
< 0.9.6

πŸ”— References 1

https://github.com/open-webui/open-webui/security/ad...
Exploit Mitigation Vendor Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-54006 πŸ”Ά medium 4.3 0.2 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST ... 2026-06-23
CVE-2026-54007 πŸ”Ά medium 6.5 0.2 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the c... 2026-06-23
CVE-2026-54008 ⚠️ high 8.5 0.2 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backe... 2026-06-23
CVE-2026-54009 πŸ”Ά medium 6.5 0.2 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST ... 2026-06-23
CVE-2026-54010 ⚠️ high 8.3 0.2 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open ... 2026-06-23
CVE-2026-54012 ⚠️ high 7.1 0.2 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open ... 2026-06-23
These CVEs affect the same products