{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35487", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-02T20:49:44.454Z", "datePublished": "2026-04-07T14:50:25.103Z", "dateUpdated": "2026-04-07T18:14:46.381Z"}, "containers": {"cna": {"title": "text-generation-webui has a Path Traversal in load_prompt() \u2014 .txt file read without authentication", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-mfgg-vvc6-vqq7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-mfgg-vvc6-vqq7"}], "affected": [{"vendor": "oobabooga", "product": "text-generation-webui", "versions": [{"version": "< 4.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T14:50:25.103Z"}, "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability is fixed in 4.3."}], "source": {"advisory": "GHSA-mfgg-vvc6-vqq7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T18:14:36.824791Z", "id": "CVE-2026-35487", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T18:14:46.381Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35487", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-02T20:49:44.454Z", "datePublished": "2026-04-07T14:50:25.103Z", "dateUpdated": "2026-04-07T18:14:46.381Z"}, "containers": {"cna": {"title": "text-generation-webui has a Path Traversal in load_prompt() \u2014 .txt file read without authentication", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-mfgg-vvc6-vqq7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-mfgg-vvc6-vqq7"}], "affected": [{"vendor": "oobabooga", "product": "text-generation-webui", "versions": [{"version": "< 4.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T14:50:25.103Z"}, "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability is fixed in 4.3."}], "source": {"advisory": "GHSA-mfgg-vvc6-vqq7", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35487", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T18:14:36.824791Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T18:14:41.731Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oobabooga:text_generation_web_ui:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B0114B9-7FD7-45A2-9103-936373FF3445", "versionEndExcluding": "4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability is fixed in 4.3."}], "id": "CVE-2026-35487", "lastModified": "2026-04-09T18:46:11.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-07T16:16:26.853", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-mfgg-vvc6-vqq7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "text-generation-webui", "source": "cna", "vendor": "oobabooga"}, "product": "text-generation-webui", "vendor": "oobabooga"}], "analysis": {"en": {"generated_at": "2026-04-09T21:08:33.196161+00:00", "value": {"mitigation_remediation": ["Upgrade to version 4.3 or later, which removes the path traversal vulnerability in load_prompt().", "Confirm that the updated software no longer accepts arbitrary file paths via the API endpoint.", "If an upgrade is not immediately possible, restrict access to the API endpoint using network controls or authentication to limit the attack surface.", "Monitor server logs for suspicious load_prompt calls that attempt to read sensitive files, and investigate any unauthorized activity promptly."], "summary": {"action": "Apply Patch", "impact": "Unauthorized file read"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all installations of the oobabooga text-generation-webui product that run a version earlier than 4.3. Users operating these older releases are therefore exposed to the risk of unauthorized access to server files via the public API.", "description_and_impact": "A path traversal flaw in the load_prompt() procedure of text-generation-webui allows a remote actor to read any .txt file on the server file system without authentication. The content of the targeted file is returned directly in the API response, providing an attacker with plaintext access to potentially sensitive configuration or credential files. The weakness corresponds to the common weakness classification of improper input handling leading to unrestricted file read.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, while the EPSS score below 1% suggests low current exploit activity. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers can reach the affected functionality through the unauthenticated API endpoint by submitting crafted request parameters that contain directory traversal sequences, allowing them to specify arbitrary file paths."}}}}, "created": "2026-04-08T19:37:20.243866+00:00", "updated": "2026-04-10T09:41:31.222876+00:00", "vendors": ["oobabooga", "oobabooga$PRODUCT$text-generation-webui"]}