Plattform
python
Komponente
text-generation-webui
Behoben in
4.3.1
CVE-2026-35486 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in text-generation-webui, an open-source web interface for Large Language Models. This flaw allows attackers to leverage the application to make requests to arbitrary internal or external resources, potentially leading to sensitive data exposure and unauthorized access. The vulnerability impacts versions prior to 4.3 and has been resolved in version 4.3.0.
The SSRF vulnerability in text-generation-webui arises from the superbooga and superboogav2 RAG extensions, which fetch user-supplied URLs without proper validation. Attackers can craft malicious URLs to access sensitive cloud metadata endpoints, such as those exposing AWS IAM credentials or Azure instance details. This could enable them to steal credentials, escalate privileges, and gain control over cloud resources. Furthermore, the vulnerability allows attackers to probe internal services behind firewalls, potentially mapping the internal network and identifying other vulnerable targets. The fetched content is then exfiltrated through the RAG pipeline, further amplifying the impact.
CVE-2026-35486 was publicly disclosed on 2026-04-07. While no public proof-of-concept (PoC) has been released as of this writing, the SSRF nature of the vulnerability makes it relatively easy to exploit. The EPSS score is likely medium, indicating a moderate probability of exploitation given the ease of exploitation and potential impact. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations deploying text-generation-webui, particularly those running it in cloud environments or with access to sensitive internal resources, are at risk. Users relying on the superbooga or superboogav2 RAG extensions are especially vulnerable. Shared hosting environments where multiple users share the same text-generation-webui instance are also at increased risk.
• linux / server: Monitor access logs for requests to unusual or internal IP addresses, particularly metadata endpoints (169.254.169.254). Use journalctl to filter for requests originating from the RAG extensions.
journalctl -u text-generation-webui -g 'RAG extension' | grep '169.254.169.254'• generic web: Use curl to test for endpoint exposure and potential SSRF. Attempt to access internal services via the web interface.
curl -v 'http://<text-generation-webui-ip>/rag/fetch?url=http://169.254.169.254/latest/meta-data/'disclosure
Exploit-Status
EPSS
0.04% (12% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-35486 is to upgrade text-generation-webui to version 4.3.0 or later, which includes the necessary validation checks to prevent SSRF attacks. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or proxy with strict URL filtering rules to block requests to suspicious domains or IP addresses. Additionally, restrict network access to the text-generation-webui instance to only authorized users and services. Regularly review and update the RAG extension configurations to ensure they adhere to security best practices.
Aktualisieren Sie auf Version 4.3.0 oder höher, um die SSRF-Schwachstelle zu entschärfen. Dieses Update implementiert die URL-Validierung, um unbefugten Zugriff auf interne und externe Ressourcen zu verhindern.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-35486 is a HIGH severity SSRF vulnerability in text-generation-webui versions before 4.3, allowing attackers to access internal resources via unvalidated URLs.
You are affected if you are running text-generation-webui versions 0.0.0 through 4.2.9. Upgrade to 4.3.0 or later to mitigate the risk.
Upgrade text-generation-webui to version 4.3.0 or later. As a temporary workaround, implement WAF rules to block requests to suspicious URLs and metadata endpoints.
While no public exploits are currently known, the SSRF nature of the vulnerability makes it easily exploitable, and active exploitation is possible.
Refer to the text-generation-webui project's repository and release notes for the official advisory and details on the fix.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.