Platform
python
Component
text-generation-webui
Fixed in
4.3.1
CVE-2026-35485 describes a Path Traversal vulnerability discovered in text-generation-webui, an open-source web interface for Large Language Models. This vulnerability allows an unauthenticated attacker to read arbitrary files on the server's filesystem. The issue affects versions prior to 4.3 and has been resolved in version 4.3.0.
The impact of this vulnerability is significant due to its unauthenticated nature and the ability to read any file on the server. An attacker could potentially access sensitive configuration files, source code, database credentials, or other confidential data. This could lead to complete compromise of the system and data exfiltration. The lack of server-side validation in Gradio's dropdown values makes exploitation straightforward, allowing attackers to craft directory traversal payloads via the API.
This vulnerability is publicly known and documented. While no active exploitation campaigns have been confirmed, the ease of exploitation and the lack of authentication make it a potential target. The vulnerability was disclosed on 2026-04-07. It is not currently listed in CISA's KEV catalog.
Organizations and individuals deploying text-generation-webui, particularly those running older versions (prior to 4.3.0) in production environments, are at risk. Shared hosting environments where multiple users share the same server are also particularly vulnerable, as an attacker could potentially exploit this vulnerability to access files belonging to other users.
• python / server:
import requests

# Check for vulnerable versions (the advisory text gives 4.3.0 as the fixed release)
version_url = 'http://localhost:7860/api/version'
response = requests.get(version_url)
version = response.json().get('version', 'unknown')

def parse_version(v):
    # Turn a string such as '4.2.1' into (4, 2, 1); stop at the first non-numeric part
    parts = []
    for p in v.split('.'):
        if not p.isdigit():
            break
        parts.append(int(p))
    return tuple(parts)

parsed = parse_version(version)
if parsed and parsed < (4, 3, 0):
    print('Vulnerable version detected!')
    # Attempt path traversal
    url = 'http://localhost:7860/api/file/../../../../etc/passwd'
    response = requests.get(url)
    if 'root:x:' in response.text:
        print('Path traversal detected!')
Exploit Status
EPSS
0.48% (percentile 65%)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade text-generation-webui to version 4.3.0 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or proxy to filter out directory traversal attempts in API requests. Specifically, block requests containing sequences like '../' or similar path manipulation techniques. Regularly review and harden the server's file permissions to limit the potential damage if the vulnerability is exploited. After upgrade, confirm by attempting to access a sensitive file via the API and verifying that access is denied.
Upgrade to version 4.3.0 or later to mitigate the path traversal vulnerability. This update corrects the missing server-side validation of dropdown values, preventing attackers from reading arbitrary files from the filesystem.
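As an added example (not code from the text-generation-webui project or from this advisory), the functions below show the two layers of mitigation described above: the server-side validation whose absence is the root cause (a containment check that resolves a client-supplied file name against an allowed directory, and an allow-list check for dropdown values), and a request-level filter of the kind a WAF or reverse-proxy rule would apply. The directory name MODELS_DIR, the choice list and the request paths are constructed for illustration.

```python
from pathlib import Path
from typing import Iterable, Optional
from urllib.parse import unquote

# Constructed for illustration: the only directory the server should serve files from.
MODELS_DIR = "/srv/tgwui/models"


def resolve_within(base_dir: str, user_value: str) -> Optional[Path]:
    """Return the resolved path of ``user_value`` if it stays inside ``base_dir``,
    otherwise None.

    This is the server-side check a client-supplied file name (including a value
    received from a dropdown) needs before the server opens the file: the value is
    joined to the allowed directory, '..' segments and symlinks are collapsed by
    resolve(), and the final path must still be under ``base_dir``.
    """
    base = Path(base_dir).resolve()
    if not user_value or Path(user_value).is_absolute():
        # An empty value is meaningless; an absolute one would discard base_dir when joined.
        return None
    candidate = (base / user_value).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        # The resolved path escaped the allowed directory.
        return None
    return candidate


def validate_choice(value: str, choices: Iterable[str]) -> bool:
    """Allow-list check for a dropdown value: the server accepts only a value it
    offered itself instead of trusting whatever the client submitted."""
    return value in set(choices)


def is_traversal_attempt(request_path: str) -> bool:
    """Conservative request-level check of the kind a WAF or proxy rule would apply
    to API requests.

    The path is percent-decoded twice so single- and double-encoded sequences are
    seen as well as the literal form, backslashes are treated as separators, and any
    '..' segment is flagged. A rule matching only the literal '../' would miss the
    encoded forms.
    """
    decoded = unquote(unquote(request_path))
    segments = decoded.replace("\\", "/").split("/")
    return any(seg == ".." for seg in segments)


if __name__ == "__main__":
    # Constructed inputs: one legitimate model selection and one traversal attempt.
    offered = ["llama/model.gguf", "mistral/model.gguf"]
    for value in ("llama/model.gguf", "../../../../etc/passwd"):
        print(value, "choice ok:", validate_choice(value, offered),
              "path ok:", resolve_within(MODELS_DIR, value) is not None)
    for req in ("/api/file/models/llama.gguf", "/api/file/%2e%2e/%2e%2e/etc/passwd"):
        print(req, "blocked:", is_traversal_attempt(req))
```

The allow-list check is the simplest and strongest of the three for a dropdown, because the server already knows the exact set of values it rendered; the containment check covers free-form file names, and the request filter is only a stopgap for deployments that cannot upgrade yet.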
CVE-2026-35485 is a Path Traversal vulnerability in text-generation-webui versions before 4.3, allowing unauthenticated attackers to read any file on the server.
You are affected if you are using text-generation-webui versions prior to 4.3.0. Check your version and upgrade immediately.
Upgrade to text-generation-webui version 4.3.0 or later. Consider WAF rules as a temporary mitigation if upgrading is not possible.
While no active exploitation campaigns have been confirmed, the vulnerability's ease of exploitation makes it a potential target.
Refer to the text-generation-webui project's repository and release notes for the official advisory and update information.