Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Cvelist
Cvelistadded 2026/04/07 2:49 p.m.12 views

CVE-2026-35486 text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...

7.5CVSS0.004EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/04/07 2:49 p.m.0 views

CVE-2026-35486 text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...

7.5CVSS5.9AI score0.004EPSS
Exploits1References1
CVE
CVEadded 2026/04/07 2:49 p.m.7 views

CVE-2026-35486

CVE-2026-35486 affects text-generation-webui prior to 4.3, where the superbooga/superboogav2 RAG extensions fetch user-supplied URLs via requests.get() without validation. The root cause is lack of URL scheme validation, IP filtering, and hostname allowlisting, enabling an attacker to reach cloud...

7.5CVSS5.9AI score0.004EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder