CVE-2026-35487
Path Traversal in text-generation-webui Allows Unauthorized File Access
Publication date: 2026-04-07
Last updated on: 2026-04-09
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oobabooga | text_generation_web_ui | up to 4.3 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated attackers to read arbitrary .txt files on the server filesystem, potentially exposing sensitive information such as API keys, environment notes, deployment logs, password lists, and license keys.
Exposure of sensitive data through this vulnerability could lead to non-compliance with data protection standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information against unauthorized access.
Since the vulnerability enables data exfiltration without authentication, it increases the risk of data breaches that these regulations aim to prevent.
Can you explain this vulnerability to me?
CVE-2026-35487 is a path traversal vulnerability in the load_prompt() function of the text-generation-webui package (versions prior to 4.3). It allows an unauthenticated attacker to read any .txt file on the server filesystem by manipulating the filename parameter (fname) without proper sanitization.
The vulnerability occurs because the fname parameter is used to construct a file path without validating or sanitizing it, enabling attackers to escape the intended directory and access arbitrary .txt files. The file content is then returned verbatim in the API response.
This issue is fixed in version 4.3 by sanitizing the input filename to prevent directory traversal.
How can this vulnerability impact me?
This vulnerability can allow attackers to read any .txt file accessible by the server process without authentication.
- Attackers can exfiltrate sensitive information such as API keys, environment notes, deployment logs, password lists, and license keys if these are stored in .txt files.
- Since no privileges or user interaction are required, the attack is relatively easy to perform remotely.
The confidentiality of sensitive data is compromised, although integrity and availability are not affected.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted API requests to the text-generation-webui server that attempt to exploit the path traversal in the load_prompt() function.
Specifically, you can test by sending a POST request with a path traversal payload in the fname parameter, such as fname="../../secret/api_keys".
If the server returns the contents of an arbitrary .txt file outside the intended directory, the vulnerability is present.
Example command using curl to test the vulnerability:
```bash
curl -X POST -d "fname=../../secret/api_keys" "http://<server-address>/api/load_prompt"
```
Replace <server-address> with the actual address of your text-generation-webui server.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the text-generation-webui package to version 4.3 or later, where this vulnerability is fixed.
The fix involves sanitizing the fname parameter by applying os.path.basename() before constructing the file path, preventing directory traversal.
Until you can upgrade, consider restricting access to the API endpoint to trusted users or networks to reduce the risk of exploitation.
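The unsanitized path construction and the os.path.basename() fix described above, side by side, as an added example that is not the project's own code. The function names, the directory layout, the appended ".txt" suffix and the extra containment check are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

def load_prompt_vulnerable(prompts_dir: Path, fname: str) -> str:
    # Pre-fix pattern: fname goes into the path unchanged, so "../" segments
    # decide which directory is actually read.
    path = prompts_dir / f"{fname}.txt"  # ".txt" suffix is an assumption
    return path.read_text(encoding="utf-8") if path.is_file() else ""

def load_prompt_fixed(prompts_dir: Path, fname: str) -> str:
    # Fix named in the advisory: keep only the final path component.
    # "\" is normalised first because basename() splits on it only on Windows.
    safe = os.path.basename(fname.replace("\\", "/"))
    if safe in ("", ".", ".."):
        return ""
    path = (prompts_dir / f"{safe}.txt").resolve()
    # Second layer (added here, not stated on the page): the resolved path
    # must still sit under prompts_dir, which also covers symlinks.
    if not path.is_relative_to(prompts_dir.resolve()):
        return ""
    return path.read_text(encoding="utf-8") if path.is_file() else ""

def demo() -> dict:
    # Constructed tree: <tmp>/app/prompts/greeting.txt, <tmp>/secret/api_keys.txt
    with tempfile.TemporaryDirectory() as root:
        prompts = Path(root, "app", "prompts")
        secret = Path(root, "secret")
        prompts.mkdir(parents=True)
        secret.mkdir()
        (prompts / "greeting.txt").write_text("Hello", encoding="utf-8")
        (secret / "api_keys.txt").write_text("CONSTRUCTED-KEY", encoding="utf-8")
        relative = "../../secret/api_keys"  # fname value quoted on the page
        return {
            "vuln_relative": load_prompt_vulnerable(prompts, relative),
            "fixed_relative": load_prompt_fixed(prompts, relative),
            # Regression inputs for the sanitizer: absolute and backslash forms
            "fixed_absolute": load_prompt_fixed(prompts, str(secret / "api_keys")),
            "fixed_backslash": load_prompt_fixed(prompts, "..\\..\\secret\\api_keys"),
            "fixed_legit": load_prompt_fixed(prompts, "greeting"),
        }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Only the unsanitized loader returns the constructed file outside the prompts directory; the sanitized loader still serves the legitimate prompt name.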