CVE-2024-7053 Overview
CVE-2024-7053 is a session fixation vulnerability in open-webui/open-webui version 0.3.8. The application sets session cookies with the default SameSite=Lax attribute and omits the Secure flag. This configuration allows session cookies to traverse HTTP to cross-origin domains. An authenticated user-level attacker can embed a malicious markdown image in a chat thread. When an administrator renders the chat, the browser transmits the admin session cookie to an attacker-controlled server. The result is a stealthy administrator account takeover that can be escalated to remote code execution (RCE) through privileged administrator functionality.
Critical Impact
Successful exploitation yields full administrator session takeover and potential remote code execution on the open-webui instance.
Affected Products
- openwebui open_webui version 0.3.8
- Deployments using default cookie configuration (SameSite=Lax, no Secure flag)
- Multi-user open-webui instances where administrators interact with user-generated chat content
Discovery Timeline
- 2025-03-20 - CVE-2024-7053 published to the National Vulnerability Database (NVD)
- 2025-04-01 - Last updated in NVD database
Technical Details for CVE-2024-7053
Vulnerability Analysis
The flaw is a session fixation issue tracked under CWE-79, reflecting its delivery via stored cross-site content. The open-webui application issues authenticated session cookies without the Secure flag and with the permissive SameSite=Lax default. These cookies accompany requests initiated by browser-rendered resources, including images referenced inside markdown. Because chat content is shared between users and administrators, the markdown renderer becomes the delivery channel for attacker-controlled HTML. The privilege boundary between standard users and administrators collapses once the admin session token leaves the browser.
Root Cause
The root cause is insecure cookie configuration combined with unsanitized markdown rendering. SameSite=Lax permits cookies on top-level cross-site GET requests, and the missing Secure flag allows transmission over plaintext HTTP. The application does not restrict image sources in markdown content, so any user can author an  reference. When an administrator views the chat, the outbound request carries the admin session cookie to the attacker endpoint.
Attack Vector
Exploitation requires a low-privileged authenticated account and administrator interaction. The attacker posts a chat message containing a markdown image whose URL points to a logging endpoint they control. The administrator views the conversation, the browser fetches the image, and the admin session cookie is appended to the request headers received by the attacker. The attacker replays the captured cookie against the open-webui instance, assumes the administrator session, and uses administrative features to pivot toward RCE.
No verified exploit code is published. Technical details are available in the Huntr Bounty Report.
Detection Methods for CVE-2024-7053
Indicators of Compromise
- Outbound HTTP requests from administrator browsers to untrusted external hosts triggered by chat rendering
- Chat messages containing markdown image references with external URLs, especially shortened or obfuscated domains
- Administrator sessions originating from new IP addresses or user agents shortly after a user posted chat content
- Web server access logs showing Cookie: headers containing open-webui session tokens sent to unexpected hosts
Detection Strategies
- Inspect open-webui database tables for stored chat content containing  markdown image syntax pointing to external domains
- Correlate administrator login events with preceding user-generated content interactions to identify session replay patterns
- Monitor egress traffic from administrator workstations for connections to low-reputation domains generated by markdown rendering
- Audit Set-Cookie headers from the open-webui server to confirm whether Secure and stricter SameSite attributes are present
Monitoring Recommendations
- Forward open-webui application and reverse proxy logs to a centralized analytics platform for session anomaly correlation
- Alert on administrator account activity sourced from IP addresses not previously associated with the admin user
- Track outbound DNS queries from rendering clients to detect markdown-driven exfiltration channels
- Continuously verify cookie security attributes after every open-webui upgrade or configuration change
How to Mitigate CVE-2024-7053
Immediate Actions Required
- Upgrade open-webui to a version newer than 0.3.8 that ships with hardened cookie defaults and markdown sanitization
- Force-invalidate all existing administrator sessions and rotate API keys after upgrading
- Restrict open-webui access behind HTTPS-only ingress and disable plaintext HTTP listeners
- Limit administrator accounts to dedicated workstations that do not browse user-generated chats
Patch Information
No vendor advisory URL is published in the NVD record. Review the Huntr Bounty Report and the open-webui project release notes for the fixed version. Confirm that post-upgrade responses set session cookies with Secure, HttpOnly, and SameSite=Strict attributes.
Workarounds
- Terminate Transport Layer Security (TLS) at a reverse proxy and rewrite session cookies to include the Secure flag and SameSite=Strict
- Deploy a Content Security Policy (CSP) that restricts img-src to the open-webui origin, blocking external image fetches from markdown
- Strip or rewrite markdown image tags pointing to external domains at the proxy layer until a patched release is deployed
- Segregate administrative tasks to a separate browser profile to prevent cookie exposure during chat review
# Configuration example: enforce secure cookies via nginx reverse proxy
proxy_cookie_flags ~ secure samesite=strict httponly;
add_header Content-Security-Policy "img-src 'self' data:; default-src 'self'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
