CVE-2026-56398 - Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI
CVE ID :CVE-2026-56398 Published : July 15, 2026, 12:18 p.m. | 16 minutes ago Description :Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than...