text-generation-webui, an open-source web interface for large language models, contains an unauthenticated path traversal flaw in the load_grammar() function. An attacker can craft directory traversal payloads, such as ../../../etc/passwd, and send them via a POST request to the API. Because Gradio does not validate dropdown values on the server side, the payload is accepted and the server returns the requested file’s content. This results in arbitrary file reading, exposing sensitive information on the host system. The vulnerability aligns with CWE‑22: Path Traversal.

Affected versions are all releases of text‑generation‑webui older than 4.3, including versions 4.0 to 4.2. The product is maintained by the oobabooga project and is widely used in research and production environments. Any deployment of these versions is at risk if the API is exposed to unauthenticated users.

The flaw carries a CVSS base score of 7.5, indicating a high severity for confidentiality. No EPSS value is reported, and the vulnerability has not been catalogued by CISA KEV, suggesting it is not yet widely exploited but remains at significant risk. An attacker only needs network access to the host and the ability to send HTTPS requests to the API; authentication is not required. The absence of server-side validation makes exploitation trivial, so systems exposed to the public internet or without strict access controls face a heightened threat.