CVE-2026-35485: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in oobabooga text-generation-webui
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown values, so an attacker can POST directory traversal payloads (e.g., ../../../etc/passwd) via the API and receive the full file contents in the response. This vulnerability is fixed in 4.3.
AI Analysis
Technical Summary
The vulnerability in text-generation-webui (before version 4.3) is an improper limitation of a pathname to a restricted directory (CWE-22). An attacker can exploit this by sending a POST request with directory traversal sequences (e.g., ../../../etc/passwd) to the API, which then reads and returns the contents of arbitrary files on the server. This occurs because the load_grammar() function lacks proper validation and Gradio does not enforce server-side validation of dropdown values. The vulnerability has a CVSS 3.1 base score of 7.5, indicating high severity, with network attack vector, no privileges required, no user interaction, and high confidentiality impact but no integrity or availability impact. The issue is resolved in version 4.3 of the software.
Potential Impact
An unauthenticated attacker can read any file on the server filesystem without restriction, potentially exposing sensitive information such as configuration files, credentials, or other private data. There is no impact on integrity or availability reported. This can lead to significant confidentiality breaches.
Mitigation Recommendations
This vulnerability is fixed in text-generation-webui version 4.3. Users should upgrade to version 4.3 or later to remediate this issue. Since no official patch link or advisory is provided, users should verify the upgrade from the vendor's official source. Until upgraded, restrict access to the vulnerable API to trusted users or networks as a temporary mitigation.
CVE-2026-35485: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in oobabooga text-generation-webui
Description
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown values, so an attacker can POST directory traversal payloads (e.g., ../../../etc/passwd) via the API and receive the full file contents in the response. This vulnerability is fixed in 4.3.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in text-generation-webui (before version 4.3) is an improper limitation of a pathname to a restricted directory (CWE-22). An attacker can exploit this by sending a POST request with directory traversal sequences (e.g., ../../../etc/passwd) to the API, which then reads and returns the contents of arbitrary files on the server. This occurs because the load_grammar() function lacks proper validation and Gradio does not enforce server-side validation of dropdown values. The vulnerability has a CVSS 3.1 base score of 7.5, indicating high severity, with network attack vector, no privileges required, no user interaction, and high confidentiality impact but no integrity or availability impact. The issue is resolved in version 4.3 of the software.
Potential Impact
An unauthenticated attacker can read any file on the server filesystem without restriction, potentially exposing sensitive information such as configuration files, credentials, or other private data. There is no impact on integrity or availability reported. This can lead to significant confidentiality breaches.
Mitigation Recommendations
This vulnerability is fixed in text-generation-webui version 4.3. Users should upgrade to version 4.3 or later to remediate this issue. Since no official patch link or advisory is provided, users should verify the upgrade from the vendor's official source. Until upgraded, restrict access to the vulnerable API to trusted users or networks as a temporary mitigation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-02T20:49:44.454Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d51c3eaaed68159a2c1622
Added to database: 4/7/2026, 3:01:18 PM
Last enriched: 4/7/2026, 3:16:21 PM
Last updated: 4/8/2026, 2:03:10 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.