Description
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability is fixed in 4.3.
Published: 2026-04-07
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized file read
Action: Apply Patch
AI Analysis

Impact

A path traversal flaw in the load_prompt() procedure of text-generation-webui allows a remote actor to read any .txt file on the server file system without authentication. The content of the targeted file is returned directly in the API response, providing an attacker with plaintext access to potentially sensitive configuration or credential files. The weakness corresponds to the common weakness classification of improper input handling leading to unrestricted file read.

Affected Systems

The vulnerability affects all installations of the oobabooga text-generation-webui product that run a version earlier than 4.3. Users operating these older releases are therefore exposed to the risk of unauthorized access to server files via the public API.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score below 1% suggests low current exploit activity. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers can reach the affected functionality through the unauthenticated API endpoint by submitting crafted request parameters that contain directory traversal sequences, allowing them to specify arbitrary file paths.

Generated by OpenCVE AI on April 9, 2026 at 21:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to version 4.3 or later, which removes the path traversal vulnerability in load_prompt().
  • Confirm that the updated software no longer accepts arbitrary file paths via the API endpoint.
  • If an upgrade is not immediately possible, restrict access to the API endpoint using network controls or authentication to limit the attack surface.
  • Monitor server logs for suspicious load_prompt calls that attempt to read sensitive files, and investigate any unauthorized activity promptly.

Generated by OpenCVE AI on April 9, 2026 at 21:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Oobabooga text Generation Web Ui
CPEs cpe:2.3:a:oobabooga:text_generation_web_ui:*:*:*:*:*:*:*:*
Vendors & Products Oobabooga text Generation Web Ui

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Oobabooga
Oobabooga text-generation-webui
Vendors & Products Oobabooga
Oobabooga text-generation-webui

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability is fixed in 4.3.
Title text-generation-webui has a Path Traversal in load_prompt() — .txt file read without authentication
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Oobabooga Text-generation-webui Text Generation Web Ui
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-07T18:14:46.381Z

Reserved: 2026-04-02T20:49:44.454Z

Link: CVE-2026-35487

cve-icon Vulnrichment

Updated: 2026-04-07T18:14:41.731Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T16:16:26.853

Modified: 2026-04-09T18:46:11.693

Link: CVE-2026-35487

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:41:31Z

Weaknesses