#auth

## Summary A **Stored XSS vulnerability** has been discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to **execute arbitrary JavaScript code** and **steal session tokens** when a victim downloads the note as PDF. This vulnerability can be exploited by **any authenticated user**, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. ## Details ### Vulnerability Location **File:** `src/lib/components/notes/utils.ts` **Function:** `downloadPdf()` **Vulnerable Code (Line 35):** ```typescript const contentNode = document.createElement('div'); contentNode.innerHTML = html; // Direct assignment without DOMPurify sanitization node.appendChild(contentNode); document.body.appendChild(node); ``` ### Root Cause 1. **Incomplete TipTap Editor Configuration** - Open-WebUI only uses ...

### Summary A Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. ### Details The vulnerability exists in the /api/v1/retrieval/process/web endpoint located in backend/open_webui/routers/retrieval.py at lines 1758-1767. Vulnerable code: @router.post("/process/web") def process_web( request: Request, form_data: ProcessUrlForm, user=Depends(get_verified_user) ): try: collection_name = form_data.collection_name if not collection_name: collection_name = calculate_sha256_string(form_data.url)[:63] content, docs = get_content_from_url(request, form_data.url) # ← SSRF vulnerability Th...

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco&

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks.

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.

We follow the trail of a simple insurance text scam to show how it can spiral into full-blown identity theft.

On platforms without the `core::arch::aarch64::vxarq_u64` intrinsic, an unverified fallback in `libcrux-intrinsics` v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused `libcrux-ml-kem` and `libcrux-ml-dsa` to sample incorrectly, yielding incorrect shared secrets and invalid signatures. The issue has been fixed in v0.0.4.

### Impact Successful exploitation of this vulnerability could allow an attacker to craft a malicious link that, when clicked by a victim, redirects them to a phishing website designed to mimic the legitimate Central Dogma login page. This could result in the compromise of user accounts and unauthorized access to the Central Dogma instance. ### Patches This vulnerability is addressed and resolved in Central Dogma version 0.78.0. The server operators who run Central Dogma server with Shiro authentication are strongly encouraged to upgrade to this version or later to mitigate the risk associated with the open redirect vulnerability. ### Workarounds Implement `AuthProvider` to overrides `webLoginService()`. ### References - https://cwe.mitre.org/data/definitions/601.html

Due to a bug in sandboxing logic, `sandbox-runtime` did not properly enforce a network sandbox if the sandbox policy did not configure any allowed domains. This could allow sandboxed code to make network requests outside of the sandbox. A patch for this was released in v0.0.16. Thank you to https://github.com/bendrucker for reporting this issue!