Storyline

Multiple high-severity vulnerabilities disclosed in Open WebUI and XWiki Platform

Several critical security flaws have been identified in Open WebUI, including multiple stored cross-site scripting (XSS) vulnerabilities and a blind server-side request forgery (SSRF) issue.

Published 2026-07-06 16:52 UTCUpdated 2026-07-07 16:51 UTC
Current brief openSource links open
This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.
No card needed for the free brief.
Evidence trail (top sources)
top sources (1 domains)domains are deduped. counts indicate coverage, not truth.
1 top source shown
limited source diversity in top sources
Overview

Several critical security flaws have been identified in Open WebUI, including multiple stored cross-site scripting (XSS) vulnerabilities and a blind server-side request forgery (SSRF) issue.

Score total
1.07
Momentum 24h
6
Posts
6
Origins
1
Source types
1
Duplicate ratio
0%
Why now
  • These vulnerabilities have been recently disclosed and assigned CVEs, prompting urgent patching.
  • High severity ratings indicate significant exploitation risk if unaddressed.
  • Affected software versions are in active use, increasing the urgency for remediation.
Why it matters
  • Stored XSS vulnerabilities can enable attackers to hijack user accounts and execute arbitrary code.
  • Blind SSRF flaws may allow attackers to access internal resources or cause denial of service.
  • Path traversal vulnerabilities can lead to unauthorized file access and compromise of the affected system.
Continuity snapshot
  • Trend status: flat.
  • Continuity stage: seed.
  • Current status: open.
  • 6 current source-linked posts are attached to this storyline.
All evidence
All evidence
Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
github_advisories · github.com · 2026-07-07 16:51 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 1Origin domains: 1Duplicates: -
Showing 1 / 0
Top publishers (this list)
  • github_advisories (1)
Top origin domains (this list)
  • github.com (1)