CVE-2026-45299: Open WebUI has Stored Cross-Site Scripting In Profile Picture

The profile_image_url field on the user profile update form accepted arbitrary data: URI values without MIME-type validation. Two distinct attack paths were independently demonstrated by separate reporters:

1. data:text/html;base64,... in a new browser tab (raresvis, 2025-04-17) — when a victim right-clicks a user’s profile picture and chooses “Open image in new tab”, the browser navigates to the data: URL and executes embedded scripts in the data: origin. Limited to social-engineering / redirect attacks because the script does not run in the application origin.

2. data:image/svg+xml;base64,... re-served by the application origin (Gh05t666nero, 2026-01-09) — GET /api/v1/users/{user_id}/profile/image decoded the base64 and returned StreamingResponse(media_type=<user-controlled>) extracted from the data: header. With media_type=image/svg+xml and Content-Disposition: inline, the SVG-embedded scripts executed in the application origin, enabling JWT theft from localStorage and full account takeover of any user — including admins — who loaded the malicious profile image URL.

Both attack paths share the same root cause (lack of MIME-type validation on profile_image_url) and are closed by the same fix.