Skip to main content

Text Generation Webui EUVDEUVD-2026-19671

| CVE-2026-35486 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-07 GitHub_M
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:05 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
4.3
EUVD ID Assigned
Apr 07, 2026 - 15:30 euvd
EUVD-2026-19671
Analysis Generated
Apr 07, 2026 - 15:30 vuln.today
CVE Published
Apr 07, 2026 - 14:49 nvd
HIGH 7.5

DescriptionGitHub Advisory

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get() with zero validation - no scheme check, no IP filtering, no hostname allowlist. An attacker can access cloud metadata endpoints, steal IAM credentials, and probe internal services. The fetched content is exfiltrated through the RAG pipeline. This vulnerability is fixed in 4.3.

AnalysisAI

Server-Side Request Forgery (SSRF) in oobabooga text-generation-webui versions prior to 4.3 allows unauthenticated remote attackers to access cloud metadata endpoints, exfiltrate IAM credentials, and probe internal network services via malicious URLs processed by the superbooga/superboogav2 RAG extensions. The vulnerability stems from unvalidated requests.get() calls with no scheme, IP, or hostname filtering. No public exploit identified at time of analysis, though exploitation complexity is low (CVSS AC:L). EPSS data not provided, but the attack vector is network-accessible without authentication (AV:N/PR:N), making this a significant risk for publicly exposed instances in cloud environments.

Technical ContextAI

The vulnerability affects oobabooga text-generation-webui (CPE: cpe:2.3:a:oobabooga:text-generation-webui), a web interface for running Large Language Models with Retrieval-Augmented Generation (RAG) capabilities. The flaw is classified as CWE-918 (Server-Side Request Forgery), occurring in the superbooga and superboogav2 extensions. These extensions implement RAG functionality by fetching external content via Python's requests.get() without input validation. The lack of URL scheme validation, IP address filtering, or hostname allowlisting enables attackers to specify internal URLs (e.g., http://169.254.169.254/latest/meta-data/ for AWS metadata, http://metadata.google.internal/ for GCP) or RFC1918 private network addresses. The fetched content is then processed through the RAG pipeline, creating an exfiltration channel where internal data becomes embedded in model responses or logs. This is particularly critical in cloud deployments where metadata endpoints expose temporary IAM credentials, API tokens, and instance configuration data.

RemediationAI

Immediately upgrade to text-generation-webui version 4.3 or later, which includes input validation fixes for the affected RAG extensions. The vendor-released patch is available through the project's GitHub repository at https://github.com/oobabooga/text-generation-webui with security details documented in advisory GHSA-jvrj-w5hq-6cp2. For organizations unable to upgrade immediately, implement compensating controls: disable the superbooga and superboogav2 extensions entirely, deploy network-layer controls to block outbound requests to RFC1918 private addresses and cloud metadata endpoints (169.254.169.254, metadata.google.internal, etc.), and implement web application firewall rules to filter suspicious URL patterns in RAG extension inputs. In cloud environments, apply Instance Metadata Service v2 (IMDSv2) on AWS to require session tokens for metadata access, use workload identity federation where possible to limit credential exposure, and ensure IAM roles attached to compute instances follow least-privilege principles to minimize blast radius if credentials are exfiltrated.

Share

EUVD-2026-19671 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy