Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability is fixed in 4.3.
AnalysisAI
Unauthenticated path traversal in text-generation-webui prior to version 4.3 allows remote attackers to read arbitrary .txt files from the server filesystem via the load_prompt() function, with file contents returned directly in API responses. The vulnerability requires no authentication, user interaction, or special conditions, resulting in confidentiality impact with a CVSS score of 5.3. A vendor-released patch is available in version 4.3.
Technical ContextAI
text-generation-webui (CPE: cpe:2.3:a:oobabooga:text-generation-webui:*:*:*:*:*:*:*:*) is an open-source Python web interface for deploying and interacting with large language models. The vulnerability exists in the load_prompt() function, which fails to properly validate or sanitize file path inputs, enabling CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) attacks. Attackers can craft requests using path traversal sequences (e.g., ../) to access files outside the intended prompt directory, with the function returning file contents verbatim in HTTP responses. This is a classic server-side path traversal flaw where insufficient input validation allows directory escape without filesystem-level access controls being bypassed.
RemediationAI
Upgrade text-generation-webui to version 4.3 or later, which contains the fix for this path traversal vulnerability. Users unable to upgrade immediately should restrict network access to the text-generation-webui interface using firewall rules, reverse proxy authentication, or VPN requirements to limit exposure of the load_prompt() endpoint. Review server logs for evidence of path traversal attempts (requests containing ../ or similar sequences in prompt-loading requests). For additional details and verification, refer to the GitHub security advisory at https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-mfgg-vvc6-vqq7.
More in Text Generation Webui
View allRemote unauthenticated file disclosure in oobabooga text-generation-webui versions prior to 4.3 allows arbitrary file re
Server-Side Request Forgery (SSRF) in oobabooga text-generation-webui versions prior to 4.3 allows unauthenticated remot
Unauthenticated path traversal in text-generation-webui prior to version 4.3 allows remote attackers to read arbitrary Y
Unauthenticated path traversal in text-generation-webui prior to version 4.3 enables remote attackers to read arbitrary
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19672