Description
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, this python file can be triggered to get executed from "Model" menu when requesting to download a new model. This vulnerability is fixed in 4.1.1.
Published: 2026-04-06
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An attacker who can use the web interface to save extension settings may write arbitrary Python files to the application root directory. By overwriting a core file such as download‑model.py, the attacker can later trigger that file from the Model menu, causing the server to execute the injected code. This gives the attacker full control over the server and allows exfiltration of data, persistence, or any other malicious action. The weakness is a path traversal error that permits file write outside the intended settings directory.

Affected Systems

The vulnerability affects the text-generation-webui application by oobabooga. All versions prior to 4.1.1 are susceptible; versions 4.1.1 and later contain the fix.

Risk and Exploitability

The flaw has a CVSS score of 9.1, indicating severe impact. No EPSS score is available, and the issue is not listed in CISA’s KEV catalog. The likely attack vector is through the web UI, where a user with write access to the extension settings can issue a request that saves malicious file paths. If the web interface is publicly reachable, an unauthenticated attacker could also exploit the flaw by crafting a request to the relevant endpoint. The combination of high severity and potential remote access makes this a top priority for remediation.

Generated by OpenCVE AI on April 6, 2026 at 21:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade text-generation-webui to version 4.1.1 or later.
  • If an upgrade is not immediately possible, restrict write permissions on the application root directory so that only trusted users can modify Python files.
  • Disable or harden the extension settings endpoint to prevent path traversal attacks.
  • Ensure the web interface is protected behind authentication and limited to a trusted network before applying the patch.

Generated by OpenCVE AI on April 6, 2026 at 21:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Oobabooga textgen
CPEs cpe:2.3:a:oobabooga:textgen:*:*:*:*:*:*:*:*
Vendors & Products Oobabooga textgen

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Oobabooga
Oobabooga text-generation-webui
Vendors & Products Oobabooga
Oobabooga text-generation-webui

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, this python file can be triggered to get executed from "Model" menu when requesting to download a new model. This vulnerability is fixed in 4.1.1.
Title text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session -> Save extention settings to user_data/settings.yaml".
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Oobabooga Text-generation-webui Textgen
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-07T14:30:04.932Z

Reserved: 2026-03-31T21:06:06.429Z

Link: CVE-2026-35050

cve-icon Vulnrichment

Updated: 2026-04-07T14:29:54.585Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-06T18:16:42.583

Modified: 2026-04-22T19:28:04.707

Link: CVE-2026-35050

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T09:39:12Z

Weaknesses