Skip to main content

Text Generation Webui CVE-2026-35484

| EUVDEUVD-2026-19667 MEDIUM
Path Traversal (CWE-22)
2026-04-07 GitHub_M
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
4.3
EUVD ID Assigned
Apr 07, 2026 - 15:00 euvd
EUVD-2026-19667
Analysis Generated
Apr 07, 2026 - 15:00 vuln.today
CVE Published
Apr 07, 2026 - 14:46 nvd
MEDIUM 5.3

DescriptionGitHub Advisory

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs (including passwords, API keys, connection strings) are returned in the API response. This vulnerability is fixed in 4.3.

AnalysisAI

Unauthenticated path traversal in text-generation-webui prior to version 4.3 allows remote attackers to read arbitrary YAML files from the server filesystem via the load_preset() function, exposing sensitive credentials such as passwords, API keys, and connection strings in API responses. The vulnerability requires only network access with no authentication, user interaction, or special configuration, making it a practical attack vector despite the moderate CVSS score of 5.3.

Technical ContextAI

text-generation-webui is an open-source Python-based web interface for running large language models. The vulnerability resides in the load_preset() function, which handles loading configuration presets stored as YAML files. The root cause is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), meaning the application fails to properly validate and sanitize file path inputs before passing them to YAML parsing operations. An attacker can craft malicious preset parameters containing path traversal sequences (e.g., '../../../etc/passwd' or similar YAML file paths) to escape intended directory boundaries and access arbitrary YAML configuration files on the filesystem. These files are then parsed and their key-value pairs returned directly in API responses, exposing any secrets stored in YAML format. Affected versions include all releases of text-generation-webui prior to 4.3 across all platforms (cpe:2.3:a:oobabooga:text-generation-webui:*:*:*:*:*:*:*:*).

RemediationAI

Upgrade text-generation-webui to version 4.3 or later, which includes a fix for the path traversal vulnerability in load_preset(). The patched version properly validates and sanitizes file path inputs before processing YAML files. Users should update via their deployment method: pip installations should run 'pip install --upgrade text-generation-webui>=4.3', Docker deployments should pull the latest image, and direct repository clones should pull the latest main branch and verify the version tag. For environments unable to upgrade immediately, restrict network access to the text-generation-webui web interface via firewall rules or reverse proxy authentication; however, this is a temporary mitigation only. Refer to the GitHub Security Advisory at https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-w3cv-4447-5hf5 for confirmation and additional guidance.

Share

CVE-2026-35484 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy