Skip to content

Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages

High severity GitHub Reviewed Published Feb 17, 2026 in open-webui/open-webui • Updated Jul 7, 2026

No open alerts for this advisory

Give feedback on Dependabot alerts