Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs (including passwords, API keys, connection strings) are returned in the API response. This vulnerability is fixed in 4.3.
AnalysisAI
Unauthenticated path traversal in text-generation-webui prior to version 4.3 allows remote attackers to read arbitrary YAML files from the server filesystem via the load_preset() function, exposing sensitive credentials such as passwords, API keys, and connection strings in API responses. The vulnerability requires only network access with no authentication, user interaction, or special configuration, making it a practical attack vector despite the moderate CVSS score of 5.3.
Technical ContextAI
text-generation-webui is an open-source Python-based web interface for running large language models. The vulnerability resides in the load_preset() function, which handles loading configuration presets stored as YAML files. The root cause is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), meaning the application fails to properly validate and sanitize file path inputs before passing them to YAML parsing operations. An attacker can craft malicious preset parameters containing path traversal sequences (e.g., '../../../etc/passwd' or similar YAML file paths) to escape intended directory boundaries and access arbitrary YAML configuration files on the filesystem. These files are then parsed and their key-value pairs returned directly in API responses, exposing any secrets stored in YAML format. Affected versions include all releases of text-generation-webui prior to 4.3 across all platforms (cpe:2.3:a:oobabooga:text-generation-webui:*:*:*:*:*:*:*:*).
RemediationAI
Upgrade text-generation-webui to version 4.3 or later, which includes a fix for the path traversal vulnerability in load_preset(). The patched version properly validates and sanitizes file path inputs before processing YAML files. Users should update via their deployment method: pip installations should run 'pip install --upgrade text-generation-webui>=4.3', Docker deployments should pull the latest image, and direct repository clones should pull the latest main branch and verify the version tag. For environments unable to upgrade immediately, restrict network access to the text-generation-webui web interface via firewall rules or reverse proxy authentication; however, this is a temporary mitigation only. Refer to the GitHub Security Advisory at https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-w3cv-4447-5hf5 for confirmation and additional guidance.
More in Text Generation Webui
View allRemote unauthenticated file disclosure in oobabooga text-generation-webui versions prior to 4.3 allows arbitrary file re
Server-Side Request Forgery (SSRF) in oobabooga text-generation-webui versions prior to 4.3 allows unauthenticated remot
Unauthenticated path traversal in text-generation-webui prior to version 4.3 allows remote attackers to read arbitrary .
Unauthenticated path traversal in text-generation-webui prior to version 4.3 enables remote attackers to read arbitrary
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19667