CVE-2026-35484 text-generation-webui has a Path Traversal in load_preset() — .yaml file read without authentication
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...