GHSA-jwf8-pv5p-vhmc HIGH pip/open-webui

CVE: CVE-2026-44549

Summary

Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheet_to_html to embed an XSS payload into the generated HTML. This is subsequently added to the DOM unsanitized via @html causing the payload to trigger.

Details

The function used to convert XLSX documents to HTML for preview does not perform any input validation or sanitisation for the generated HTML

https://github.com/open-webui/open-webui/blob/a7271532f8a38da46785afcaa7e65f9a45e7d753/src/lib/components/common/FileItemModal.svelte#L120-L133

XLSX attachments are processed by this function, converted to HTML with XLSX.utils.sheet_to_html before ultimately being assigned to the variable excelHtml. Later there is logic that causes this to be assigned directly to the DOM when the preview tab is selected.

https://github.com/open-webui/open-webui/blob/a7271532f8a38da46785afcaa7e65f9a45e7d753/src/lib/components/common/FileItemModal.svelte#L358-L400

PoC

A python script to generate a payload file is as follows:

import xlsxwriter                                                                                                                
                                                                                                                                 
payload = '<img src=x onerror="alert(\'XSS Triggered by XLSX file\')">'                                                          
                                                                                                                             
workbook = xlsxwriter.Workbook('xss_payload.xlsx')                                                                           
worksheet = workbook.add_worksheet()

📌 来源: GitHub-Advisory | 🆔 CVE-2026-44549 | 📅 2026-05-08