mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-15 21:19:39 -05:00
[GH-ISSUE #22315] Security: Stored XSS via HTML file serving #74300
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @Vext-Labs on GitHub (Mar 6, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/22315
This issue was filed in error and has been withdrawn. We apologize for the noise.
@Classic298 commented on GitHub (Mar 6, 2026):
🤨
what do you mean 03-06 (today) + 90 days public disclosure?
posting an issue is public disclosure.
Next time using the Github security reporting mechanism we have: https://github.com/open-webui/open-webui/security
and read through the vulnerability reporting guidelines to ensure you are reporting a valid vulnerability. I am reading the admin has to do something malicious. Might fall into one of the exceptions.
@Vext-Labs commented on GitHub (Mar 6, 2026):
@Classic298 — You're absolutely right, and we apologize. We should have used your private security reporting at https://github.com/open-webui/open-webui/security instead of filing a public issue. That was a failure in our disclosure process.
You're also correct that the disclosure timeline is contradictory — posting publicly on day 1 is not "responsible disclosure + 90 days." That boilerplate language should have been removed for public filings.
Regarding the finding itself: you raise a fair point that it requires admin action (uploading a malicious HTML file). We understand if this doesn't meet your vulnerability threshold given the trust model for admin users.
We'll use your security reporting process for any future findings. Apologies for the noise.
@YasharF commented on GitHub (Mar 6, 2026):
@Classic298 Feel free to report this to Github. The issues is actually created by some automated AI spam thing which has spammed many repos.
@Vext-Labs commented on GitHub (Mar 6, 2026):
Withdrawing this report. We apologize for the noise — this should have been filed through proper security disclosure channels, not as a public issue. Closing.
@Vext-Labs commented on GitHub (Mar 6, 2026):
We apologize for the noise — these were inadvertently auto-reported as public GitHub issues, which should have never happened. They should have gone through proper security disclosure channels instead. Thank you for your understanding.
@Classic298 commented on GitHub (Mar 6, 2026):
@YasharF thanks for letting me know we will take appropriate action