Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
7DescriptionGitHub Advisory
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown values, so an attacker can POST directory traversal payloads (e.g., ../../../etc/passwd) via the API and receive the full file contents in the response. This vulnerability is fixed in 4.3.
AnalysisAI
Remote unauthenticated file disclosure in oobabooga text-generation-webui versions prior to 4.3 allows arbitrary file reading through path traversal in load_grammar() function. Attackers can retrieve any file from the server filesystem without authentication by exploiting insufficient validation of Gradio dropdown values, submitting directory traversal sequences via API requests. EPSS data not available; no public exploit identified at time of analysis, though exploitation complexity is low (CVSS AC:L) requiring only network access.
Technical ContextAI
The vulnerability resides in text-generation-webui's load_grammar() function, which interfaces with the Gradio framework for web UI functionality. Gradio's dropdown components lack server-side validation of submitted values, creating a classic path traversal attack surface (CWE-22). When processing grammar file requests, the application fails to sanitize user-supplied file paths before filesystem operations. Attackers can inject directory traversal sequences (../../../) through POST requests to the Gradio API endpoint, bypassing intended directory restrictions. The affected component (cpe:2.3:a:oobabooga:text-generation-webui) is commonly deployed for self-hosted LLM inference, often containing sensitive configuration files, API keys, and model data on the same filesystem. No file extension filtering exists, enabling access to arbitrary file types including system files like /etc/passwd on Linux systems or configuration files containing credentials.
RemediationAI
Immediate upgrade to text-generation-webui version 4.3 or later is required, as this release contains fixes for the path traversal vulnerability in load_grammar() function with proper input validation. Organizations should update by pulling the latest release from the official GitHub repository at https://github.com/oobabooga/text-generation-webui and redeploying the application. As interim mitigation for systems that cannot immediately upgrade, restrict network access to the Gradio web interface using firewall rules or reverse proxy authentication, limiting exposure to trusted IP ranges only. Review server logs for suspicious API requests containing directory traversal patterns (../, %2e%2e%2f, absolute paths) targeting grammar loading endpoints. After patching, conduct file integrity checks on sensitive files (configuration files, SSH keys, application secrets) to detect potential prior compromise. Full remediation guidance is available in the GitHub Security Advisory GHSA-hqg5-487v-5mc6 at https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-hqg5-487v-5mc6.
More in Text Generation Webui
View allServer-Side Request Forgery (SSRF) in oobabooga text-generation-webui versions prior to 4.3 allows unauthenticated remot
Unauthenticated path traversal in text-generation-webui prior to version 4.3 allows remote attackers to read arbitrary .
Unauthenticated path traversal in text-generation-webui prior to version 4.3 allows remote attackers to read arbitrary Y
Unauthenticated path traversal in text-generation-webui prior to version 4.3 enables remote attackers to read arbitrary
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19669