{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35484", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-02T20:49:44.454Z", "datePublished": "2026-04-07T14:46:42.351Z", "dateUpdated": "2026-04-08T14:46:53.620Z"}, "containers": {"cna": {"title": "text-generation-webui has a Path Traversal in load_preset() \u2014 .yaml file read without authentication", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-w3cv-4447-5hf5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-w3cv-4447-5hf5"}], "affected": [{"vendor": "oobabooga", "product": "text-generation-webui", "versions": [{"version": "< 4.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T14:47:58.668Z"}, "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs (including passwords, API keys, connection strings) are returned in the API response. This vulnerability is fixed in 4.3."}], "source": {"advisory": "GHSA-w3cv-4447-5hf5", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T14:46:35.131007Z", "id": "CVE-2026-35484", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T14:46:53.620Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35484", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-08T14:46:35.131007Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T14:46:47.165Z"}}], "cna": {"title": "text-generation-webui has a Path Traversal in load_preset() \u2014 .yaml file read without authentication", "source": {"advisory": "GHSA-w3cv-4447-5hf5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "oobabooga", "product": "text-generation-webui", "versions": [{"status": "affected", "version": "< 4.3"}]}], "references": [{"url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-w3cv-4447-5hf5", "name": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-w3cv-4447-5hf5", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs (including passwords, API keys, connection strings) are returned in the API response. This vulnerability is fixed in 4.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T14:47:58.668Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35484", "state": "PUBLISHED", "dateUpdated": "2026-04-08T14:46:53.620Z", "dateReserved": "2026-04-02T20:49:44.454Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-07T14:46:42.351Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs (including passwords, API keys, connection strings) are returned in the API response. This vulnerability is fixed in 4.3."}], "id": "CVE-2026-35484", "lastModified": "2026-04-08T21:27:15.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-07T15:17:45.530", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-w3cv-4447-5hf5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "text-generation-webui", "source": "cna", "vendor": "oobabooga"}, "product": "text-generation-webui", "vendor": "oobabooga"}], "analysis": {"en": {"generated_at": "2026-04-07T19:50:28.710255+00:00", "value": {"mitigation_remediation": ["Upgrade to text-generation-webui version 4.3 or later to eliminate the path traversal flaw.", "Verify that after upgrading the load_preset endpoint no longer accepts arbitrary file paths and no sensitive information is returned.", "If an immediate upgrade is not possible, restrict access to the load_preset API to authorized users only or remove the endpoint entirely."], "summary": {"action": "Immediate Patch", "impact": "Confidentiality Breach"}, "threat_synthesis": {"affected_systems": "The issue affects the oobabooga:text-generation-webui application, specifically all installed versions earlier than 4.3. Users running any pre\u20114.3 release are vulnerable.", "description_and_impact": "The vulnerability allows an attacker to perform a path traversal in the load_preset() function of text-generation-webui, enabling the reading of any .yaml file on the server without authentication. The API returns parsed key-value pairs from the YAML file, potentially exposing passwords, API keys, and connection strings. This results in disclosure of confidential data but does not grant remote code execution.", "risk_and_exploitability": "With a CVSS score of 5.3, the impact is moderate. The flaw is exploitable via the publicly accessible load_preset API endpoint, meaning attackers who can reach the application can read arbitrary files. No exploitation probability is published and the vulnerability is not listed in CISA\u2019s KEV. Given the lack of authentication, the attack likelihood is high for any exposed instance, and the resulting confidentiality breach could compromise sensitive credentials."}}}}, "created": "2026-04-08T19:37:23.617236+00:00", "updated": "2026-04-08T19:48:41.289214+00:00", "vendors": ["oobabooga", "oobabooga$PRODUCT$text-generation-webui"]}