83 matches found
CVE-2026-35486
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...
CVE-2026-35050
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, thi...
CVE-2026-35486
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...
CVE-2026-35487
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...
CVE-2026-35485
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadgrammar allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown value...
CVE-2026-35483
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadtemplate allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files the...
CVE-2026-35487
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...
EUVD-2026-19672
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...
CVE-2026-35487 text-generation-webui has a Path Traversal in load_prompt() — .txt file read without authentication
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...
CVE-2026-35486 text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...
CVE-2026-35486 text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...
CVE-2026-35486
CVE-2026-35486 affects text-generation-webui prior to 4.3, where the superbooga/superboogav2 RAG extensions fetch user-supplied URLs via requests.get() without validation. The root cause is lack of URL scheme validation, IP filtering, and hostname allowlisting, enabling an attacker to reach cloud...
EUVD-2026-19671
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...
EUVD-2026-19669
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadgrammar allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown value...
CVE-2026-35485
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadgrammar allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown value...
CVE-2026-35484
The CVE-2026-35484 issue affects text-generation-webui, an open-source web interface for running LLMs. It describes a path traversal vulnerability in the load_preset() function present before version 4.3, which allows an unauthenticated attacker to read any .yaml file on the server filesystem. Th...
EUVD-2026-19667
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...
CVE-2026-35483
The CVE concerns text-generation-webui, an open-source web interface for running Large Language Models. A path traversal vulnerability existed in load_template() before version 4.3 that allowed reading files on the server filesystem with .jinja, .jinja2, .yaml, or .yml extensions without authenti...
CVE-2026-35483
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadtemplate allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files the...
Text Generation Web UI 路径遍历漏洞
Text Generation Web UI is a local AI UI interface developed by oobabooga’s individual developers. Versions of Text Generation Web UI prior to 4.3 contained a path traversal vulnerability. This vulnerability stemmed from an unauthenticated path traversal vulnerability in the loadtemplate function,...