CVE-2026-35484
Received Received - Intake
Path Traversal in text-generation-webui Exposes Sensitive YAML Data

Publication date: 2026-04-07

Last updated on: 2026-04-28

Assigner: GitHub, Inc.

Description
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs (including passwords, API keys, connection strings) are returned in the API response. This vulnerability is fixed in 4.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-35484
EUVD
EUVD-2026-19667
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oobabooga textgen to 4.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthenticated attackers to read arbitrary YAML files on the server, which may contain sensitive data such as passwords, API keys, and connection strings.

This unauthorized disclosure of sensitive configuration data could lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require safeguarding of sensitive information and prevention of unauthorized access.

Since the vulnerability exposes confidential information without authentication, it increases the risk of data breaches and could result in violations of confidentiality requirements mandated by these regulations.

Executive Summary

CVE-2026-35484 is a path traversal vulnerability in the load_preset() function of the text-generation-webui package versions prior to 4.3.

The vulnerability arises because the function constructs a file path using a user-supplied 'name' parameter without properly sanitizing it, allowing an attacker to manipulate the path to access files outside the intended directory.

Specifically, an attacker can submit a crafted API request with a path traversal payload (e.g., name="../../secret/db_config") to read arbitrary .yaml files on the server filesystem.

The server then parses the targeted YAML file and returns all key-value pairs, including sensitive data such as passwords, API keys, and connection strings, in the API response.

No authentication is required to exploit this vulnerability, making it accessible to unauthenticated attackers.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information stored in YAML configuration files on the server.

Since YAML files often contain critical data such as passwords, API keys, connection strings, Kubernetes manifests, Docker Compose files, and CI/CD configurations, an attacker can exfiltrate these secrets.

Because no authentication is required, any attacker with network access to the vulnerable service can exploit this flaw.

The impact is primarily confidentiality loss, which could lead to further compromise of systems or data breaches.

Detection Guidance

This vulnerability can be detected by attempting to exploit the path traversal in the load_preset() API endpoint by sending crafted requests with path traversal payloads in the 'name' parameter.

For example, you can use curl or similar tools to send a request to the vulnerable API endpoint with a payload like name="../../secret/db_config" to see if arbitrary YAML files outside the intended directory are returned.

A sample command might be:

  • curl -X POST "http://<target-server>/api/load_preset" -d "name=../../secret/db_config"

If the response contains YAML key-value pairs from files outside the presets directory, the vulnerability is present.

Mitigation Strategies

The immediate mitigation step is to upgrade the text-generation-webui package to version 4.3 or later, where this vulnerability is fixed.

If upgrading is not immediately possible, apply sanitization to the 'name' parameter in the load_preset() function to prevent directory traversal, such as using os.path.basename(name) before constructing the file path.

Additionally, restrict access to the API endpoint to trusted users or networks to reduce exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35484. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart