python · open-webui · Critical
open-webui: Cross-Origin Message Injection in Chat.svelte
What changed
The chat message listener in Chat.svelte accepts `input:prompt` and `action:submit` postMessage payloads from origins other than its own, so a cross-origin page can inject a prompt and submit it without any user confirmation.
Who it affects
Authenticated users of Open WebUI who visit a malicious page while logged in.
What to do today
Apply the fix that enforces same-origin restrictions on postMessage events in Chat.svelte.
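The weak and hardened listener patterns side by side, as an added example that is not Open WebUI's code: the payload shape (`{ type, data }`), the handler names and the placeholder origins are assumptions for illustration; the hardened listener compares `event.origin` with the app's own origin before reading the payload and logs what it rejects.

```javascript
// Added example, not code from Open WebUI; the payload shape ({ type, data })
// and handler names are assumptions made for illustration.
const HANDLED_TYPES = new Set(['input:prompt', 'action:submit']);
// Dispatches a validated payload; shared by both listeners below.
function dispatch(handlers, payload) {
  const { type, data } = payload || {};
  if (!HANDLED_TYPES.has(type)) return 'ignored:type';
  handlers[type](data);
  return 'handled';
}

// Weak pattern: any window.postMessage() is trusted, whatever its origin.
function makeUncheckedListener(handlers) {
  return (event) => dispatch(handlers, event.data);
}

// Hardened pattern: compare event.origin with the app's own origin before
// reading the payload, and log rejections so they show up in telemetry.
function makeSameOriginListener(handlers, allowedOrigin, log = () => {}) {
  return (event) => {
    if (event.origin !== allowedOrigin) {
      log(`rejected postMessage from ${event.origin}`);
      return 'rejected:origin';
    }
    return dispatch(handlers, event.data);
  };
}
// Runs both listeners over constructed events standing in for MessageEvents.
function demo() {
  const own = 'https://webui.example.test';   // placeholder: the app's origin
  const other = 'https://other.example.test'; // placeholder: a foreign origin
  const events = [
    { origin: own,   data: { type: 'input:prompt',  data: { prompt: 'hello' } } },
    { origin: other, data: { type: 'input:prompt',  data: { prompt: 'injected' } } },
    { origin: other, data: { type: 'action:submit', data: {} } },
  ];
  const rejections = [];
  const run = (make) => {
    const calls = [];
    const handlers = { 'input:prompt': (d) => calls.push(`prompt:${d.prompt}`),
                       'action:submit': () => calls.push('submit') };
    return { results: events.map(make(handlers)), calls };
  };
  return {
    unchecked: run(makeUncheckedListener),
    hardened: run((h) => makeSameOriginListener(h, own, (m) => rejections.push(m))),
    rejections,
  };
}
```

In a real page the hardened listener is registered with `window.addEventListener('message', ...)` and `allowedOrigin` is `window.location.origin`; the rejection log line is the signal a detection rule can key on.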