{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35485", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-02T20:49:44.454Z", "datePublished": "2026-04-07T14:47:37.593Z", "dateUpdated": "2026-04-07T15:58:51.812Z"}, "containers": {"cna": {"title": "text-generation-webui has a Path Traversal in load_grammar() \u2014 arbitrary file read without authentication", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-hqg5-487v-5mc6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-hqg5-487v-5mc6"}], "affected": [{"vendor": "oobabooga", "product": "text-generation-webui", "versions": [{"version": "< 4.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T14:47:37.593Z"}, "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown values, so an attacker can POST directory traversal payloads (e.g., ../../../etc/passwd) via the API and receive the full file contents in the response. This vulnerability is fixed in 4.3."}], "source": {"advisory": "GHSA-hqg5-487v-5mc6", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-hqg5-487v-5mc6", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T15:11:37.214994Z", "id": "CVE-2026-35485", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T15:58:51.812Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35485", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T15:11:37.214994Z"}}}], "references": [{"url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-hqg5-487v-5mc6", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T15:11:45.710Z"}}], "cna": {"title": "text-generation-webui has a Path Traversal in load_grammar() \u2014 arbitrary file read without authentication", "source": {"advisory": "GHSA-hqg5-487v-5mc6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "oobabooga", "product": "text-generation-webui", "versions": [{"status": "affected", "version": "< 4.3"}]}], "references": [{"url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-hqg5-487v-5mc6", "name": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-hqg5-487v-5mc6", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown values, so an attacker can POST directory traversal payloads (e.g., ../../../etc/passwd) via the API and receive the full file contents in the response. This vulnerability is fixed in 4.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T14:47:37.593Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35485", "state": "PUBLISHED", "dateUpdated": "2026-04-07T15:58:51.812Z", "dateReserved": "2026-04-02T20:49:44.454Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-07T14:47:37.593Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oobabooga:textgen:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A2B642B-80A8-46E1-931D-C5541264290A", "versionEndExcluding": "4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown values, so an attacker can POST directory traversal payloads (e.g., ../../../etc/passwd) via the API and receive the full file contents in the response. This vulnerability is fixed in 4.3."}], "id": "CVE-2026-35485", "lastModified": "2026-04-28T20:41:33.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-07T15:17:45.677", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-hqg5-487v-5mc6"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-hqg5-487v-5mc6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "text-generation-webui", "source": "cna", "vendor": "oobabooga"}, "product": "text-generation-webui", "vendor": "oobabooga"}], "analysis": {"en": {"generated_at": "2026-04-07T20:05:20.088251+00:00", "value": {"mitigation_remediation": ["Upgrade text\u2011generation\u2011webui to version 4.3 or later."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Affected versions are all releases of text\u2011generation\u2011webui older than 4.3, including versions 4.0 to 4.2. The product is maintained by the oobabooga project and is widely used in research and production environments. Any deployment of these versions is at risk if the API is exposed to unauthenticated users.", "description_and_impact": "text-generation-webui, an open-source web interface for large language models, contains an unauthenticated path traversal flaw in the load_grammar() function. An attacker can craft directory traversal payloads, such as ../../../etc/passwd, and send them via a POST request to the API. Because Gradio does not validate dropdown values on the server side, the payload is accepted and the server returns the requested file\u2019s content. This results in arbitrary file reading, exposing sensitive information on the host system. The vulnerability aligns with CWE\u201122: Path Traversal.", "risk_and_exploitability": "The flaw carries a CVSS base score of 7.5, indicating a high severity for confidentiality. No EPSS value is reported, and the vulnerability has not been catalogued by CISA KEV, suggesting it is not yet widely exploited but remains at significant risk. An attacker only needs network access to the host and the ability to send HTTPS requests to the API; authentication is not required. The absence of server-side validation makes exploitation trivial, so systems exposed to the public internet or without strict access controls face a heightened threat."}}}}, "created": "2026-04-08T19:37:22.607065+00:00", "updated": "2026-04-08T19:48:40.283770+00:00", "vendors": ["oobabooga", "oobabooga$PRODUCT$text-generation-webui"]}