Description
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs (including passwords, API keys, connection strings) are returned in the API response. This vulnerability is fixed in 4.3.
Published: 2026-04-07
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Breach
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an attacker to perform a path traversal in the load_preset() function of text-generation-webui, enabling the reading of any .yaml file on the server without authentication. The API returns parsed key-value pairs from the YAML file, potentially exposing passwords, API keys, and connection strings. This results in disclosure of confidential data but does not grant remote code execution.

Affected Systems

The issue affects the oobabooga:text-generation-webui application, specifically all installed versions earlier than 4.3. Users running any pre‑4.3 release are vulnerable.

Risk and Exploitability

With a CVSS score of 5.3, the impact is moderate. The flaw is exploitable via the publicly accessible load_preset API endpoint, meaning attackers who can reach the application can read arbitrary files. No exploitation probability is published and the vulnerability is not listed in CISA’s KEV. Given the lack of authentication, the attack likelihood is high for any exposed instance, and the resulting confidentiality breach could compromise sensitive credentials.

Generated by OpenCVE AI on April 7, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to text-generation-webui version 4.3 or later to eliminate the path traversal flaw.
  • Verify that after upgrading the load_preset endpoint no longer accepts arbitrary file paths and no sensitive information is returned.
  • If an immediate upgrade is not possible, restrict access to the load_preset API to authorized users only or remove the endpoint entirely.

Generated by OpenCVE AI on April 7, 2026 at 19:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Oobabooga textgen
CPEs cpe:2.3:a:oobabooga:textgen:*:*:*:*:*:*:*:*
Vendors & Products Oobabooga textgen

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Oobabooga
Oobabooga text-generation-webui
Vendors & Products Oobabooga
Oobabooga text-generation-webui

Wed, 08 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Description text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs (including passwords, API keys, connection strings) are returned in the API response. This vulnerability is fixed in 4.3.
Title text-generation-webui has a Path Traversal in load_preset() — .yaml file read without authentication
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Oobabooga Text-generation-webui Textgen
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-08T14:46:53.620Z

Reserved: 2026-04-02T20:49:44.454Z

Link: CVE-2026-35484

cve-icon Vulnrichment

Updated: 2026-04-08T14:46:47.165Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T15:17:45.530

Modified: 2026-04-28T21:39:46.813

Link: CVE-2026-35484

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:48:41Z

Weaknesses