Platform
python
Component
text-generation-webui
Fixed in
4.3.1
CVE-2026-35486 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in text-generation-webui, an open-source web interface for Large Language Models. This flaw allows attackers to leverage the application to make requests to arbitrary internal or external resources, potentially leading to sensitive data exposure and unauthorized access. The vulnerability affects versions prior to 4.3 and has been resolved in version 4.3.0.
The SSRF vulnerability in text-generation-webui arises from the superbooga and superboogav2 RAG extensions, which fetch user-supplied URLs without proper validation. Attackers can craft malicious URLs to target cloud metadata endpoints, effectively stealing IAM credentials and gaining control over cloud resources. Furthermore, the vulnerability allows probing of internal services that are not directly accessible from the outside world. The fetched content is then exfiltrated through the RAG pipeline, compounding the risk. This could enable attackers to map the internal network, identify vulnerable services, and ultimately escalate their privileges.
CVE-2026-35486 was publicly disclosed on 2026-04-07. There are currently no known public proof-of-concept exploits available, but the SSRF nature of the vulnerability makes it relatively easy to exploit. The vulnerability is not currently listed on CISA KEV. Given the ease of exploitation and the potential for significant impact (credential theft and internal network access), it is considered a high-priority vulnerability.
Exploit Status
EPSS
0.04% (12% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-35486 is to immediately upgrade text-generation-webui to version 4.3.0 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or reverse proxy with strict URL filtering rules to block requests to suspicious domains and protocols. Specifically, block requests to metadata endpoints (e.g., 169.254.169.254) and enforce a strict allowlist of permitted hostnames. Regularly review and update the RAG extension code to ensure proper URL validation is implemented.
Update to version 4.3.0 or later to mitigate the SSRF vulnerability. This update implements URL validation to prevent unauthorized access to internal and external resources.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-35486 is a HIGH severity SSRF vulnerability in text-generation-webui versions before 4.3, allowing attackers to access internal resources via unvalidated URLs.
You are affected if you are running text-generation-webui versions 0.0.0 through 4.2.9. Upgrade to 4.3.0 or later to mitigate the risk.
Upgrade text-generation-webui to version 4.3.0 or later. As a temporary workaround, implement WAF rules to block requests to suspicious URLs and metadata endpoints.
While no public exploits are currently known, the SSRF nature of the vulnerability makes it easily exploitable, and active exploitation is possible.
Refer to the text-generation-webui project's repository and release notes for the official advisory and details on the fix.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.