{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35050", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-31T21:06:06.429Z", "datePublished": "2026-04-06T17:30:20.513Z", "dateUpdated": "2026-04-07T14:30:04.932Z"}, "containers": {"cna": {"title": "text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at \"Session -> Save extention settings to user_data/settings.yaml\".", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jg96-p5p6-q3cv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jg96-p5p6-q3cv"}], "affected": [{"vendor": "oobabooga", "product": "text-generation-webui", "versions": [{"version": "< 4.1.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T17:30:20.513Z"}, "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in \"py\" format and in the app root directory. This allows to overwrite python files, for instance the \"download-model.py\" file could be overwritten. Then, this python file can be triggered to get executed from \"Model\" menu when requesting to download a new model. This vulnerability is fixed in 4.1.1."}], "source": {"advisory": "GHSA-jg96-p5p6-q3cv", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T14:29:45.992340Z", "id": "CVE-2026-35050", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:30:04.932Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35050", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-07T14:29:45.992340Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:29:54.585Z"}}], "cna": {"title": "text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at \"Session -> Save extention settings to user_data/settings.yaml\".", "source": {"advisory": "GHSA-jg96-p5p6-q3cv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "oobabooga", "product": "text-generation-webui", "versions": [{"status": "affected", "version": "< 4.1.1"}]}], "references": [{"url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jg96-p5p6-q3cv", "name": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jg96-p5p6-q3cv", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in \"py\" format and in the app root directory. This allows to overwrite python files, for instance the \"download-model.py\" file could be overwritten. Then, this python file can be triggered to get executed from \"Model\" menu when requesting to download a new model. This vulnerability is fixed in 4.1.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T17:30:20.513Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35050", "state": "PUBLISHED", "dateUpdated": "2026-04-07T14:30:04.932Z", "dateReserved": "2026-03-31T21:06:06.429Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-06T17:30:20.513Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oobabooga:textgen:*:*:*:*:*:*:*:*", "matchCriteriaId": "8721B2AD-FA53-4979-8E7A-68D571B91D82", "versionEndExcluding": "4.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in \"py\" format and in the app root directory. This allows to overwrite python files, for instance the \"download-model.py\" file could be overwritten. Then, this python file can be triggered to get executed from \"Model\" menu when requesting to download a new model. This vulnerability is fixed in 4.1.1."}], "id": "CVE-2026-35050", "lastModified": "2026-04-22T19:28:04.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-06T18:16:42.583", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jg96-p5p6-q3cv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.1.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "text-generation-webui", "source": "cna", "vendor": "oobabooga"}, "product": "text-generation-webui", "vendor": "oobabooga"}], "analysis": {"en": {"generated_at": "2026-04-06T21:37:26.348194+00:00", "value": {"mitigation_remediation": ["Upgrade text-generation-webui to version 4.1.1 or later.", "If an upgrade is not immediately possible, restrict write permissions on the application root directory so that only trusted users can modify Python files.", "Disable or harden the extension settings endpoint to prevent path traversal attacks.", "Ensure the web interface is protected behind authentication and limited to a trusted network before applying the patch."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the text-generation-webui application by oobabooga. All versions prior to 4.1.1 are susceptible; versions 4.1.1 and later contain the fix.", "description_and_impact": "An attacker who can use the web interface to save extension settings may write arbitrary Python files to the application root directory. By overwriting a core file such as download\u2011model.py, the attacker can later trigger that file from the Model menu, causing the server to execute the injected code. This gives the attacker full control over the server and allows exfiltration of data, persistence, or any other malicious action. The weakness is a path traversal error that permits file write outside the intended settings directory.", "risk_and_exploitability": "The flaw has a CVSS score of 9.1, indicating severe impact. No EPSS score is available, and the issue is not listed in CISA\u2019s KEV catalog. The likely attack vector is through the web UI, where a user with write access to the extension settings can issue a request that saves malicious file paths. If the web interface is publicly reachable, an unauthenticated attacker could also exploit the flaw by crafting a request to the relevant endpoint. The combination of high severity and potential remote access makes this a top priority for remediation."}}}}, "created": "2026-04-06T21:47:08.160443+00:00", "updated": "2026-04-07T09:39:12.817185+00:00", "vendors": ["oobabooga", "oobabooga$PRODUCT$text-generation-webui"]}