Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template() allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files the content is returned verbatim; for .yaml files a parsed key is extracted. This vulnerability is fixed in 4.3.
AnalysisAI
Unauthenticated path traversal in text-generation-webui prior to version 4.3 enables remote attackers to read arbitrary files with .jinja, .jinja2, .yaml, or .yml extensions from the server filesystem. The vulnerability resides in the load_template() function and allows disclosure of configuration files, templates, and other sensitive data without authentication. EPSS score of 5.3 reflects low to moderate real-world exploitation risk despite network accessibility, as successful exploitation requires knowledge of file paths and extension constraints.
Technical ContextAI
text-generation-webui is an open-source Python-based web interface for deploying and interacting with large language models. The vulnerability stems from insufficient input validation in the load_template() function, which fails to properly sanitize user-supplied template path parameters. This permits directory traversal sequences (e.g., '../../../etc/') to bypass intended directory restrictions. The root cause is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). Affected versions prior to 4.3 expose template loading operations to unauthenticated requests over the network (AV:N), requiring no special privilege escalation (PR:N) and no user interaction (UI:N). File disclosure is limited to specific extensions (.jinja, .jinja2, .yaml, .yml), reducing but not eliminating exposure of sensitive application configuration and secrets.
RemediationAI
Upgrade text-generation-webui to version 4.3 or later to apply the vendor-released patch. Users on earlier versions should prioritize this upgrade as it directly addresses the path traversal vulnerability in load_template(). As an interim measure pending upgrade, restrict network access to the text-generation-webui service using firewall rules or network segmentation to limit exposure to trusted internal networks only; however, this is not a substitute for patching. Refer to the official GitHub Security Advisory at https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-85fx-vw25-4c95 for detailed patch notes and upgrade instructions.
More in Text Generation Webui
View allRemote unauthenticated file disclosure in oobabooga text-generation-webui versions prior to 4.3 allows arbitrary file re
Server-Side Request Forgery (SSRF) in oobabooga text-generation-webui versions prior to 4.3 allows unauthenticated remot
Unauthenticated path traversal in text-generation-webui prior to version 4.3 allows remote attackers to read arbitrary .
Unauthenticated path traversal in text-generation-webui prior to version 4.3 allows remote attackers to read arbitrary Y
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19665