PT-2026-30687 · Unknown · Text-Generation-Webui
Published: 2026-04-06 · Updated: 2026-04-06
CVE-2026-35050
CVSS v3.1: 9.1 Critical (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
text-generation-webui versions prior to 4.1.1
Description
text-generation-webui is an open-source web interface for running Large Language Models. Prior to version 4.1.1, users could save extension settings in '.py' format within the application root directory, enabling overwriting of Python files such as 'download-model.py'. This overwritten file could then be triggered for execution through the 'Model' menu when a new model download was requested.
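The class of check that prevents this kind of overwrite, shown as an added example written for this page (it is not text-generation-webui's code or its 4.1.1 patch). The function names, the exception class and the allowed-suffix list are hypothetical; the assumption is that settings are data files kept in a dedicated directory, never executable files in the application root.

```python
from pathlib import Path

# Assumption: settings are plain data files; executable suffixes such as .py are never valid.
ALLOWED_SUFFIXES = {".yaml", ".yml", ".json"}


class UnsafeSettingsPath(ValueError):
    """Raised when a requested settings filename could escape the settings directory."""


def resolve_settings_path(settings_dir, requested_name):
    """Map a user-supplied filename to a path inside settings_dir, or raise."""
    base = Path(settings_dir).resolve()
    name = str(requested_name)

    # Accept a bare filename only: no directory components, no NUL, no backslashes.
    if not name or "\x00" in name or "\\" in name or Path(name).name != name:
        raise UnsafeSettingsPath(f"not a bare filename: {name!r}")

    # Allowlist the extension instead of trying to blocklist dangerous ones.
    if Path(name).suffix.lower() not in ALLOWED_SUFFIXES:
        raise UnsafeSettingsPath(f"suffix not allowed: {name!r}")

    # resolve() follows symlinks, so a link planted inside the settings directory
    # that points at a file elsewhere is caught by the containment check.
    candidate = (base / name).resolve()
    if candidate.parent != base:
        raise UnsafeSettingsPath(f"resolves outside settings directory: {name!r}")
    return candidate


def save_settings(settings_dir, requested_name, text):
    """Write settings text only after the destination has been validated."""
    target = resolve_settings_path(settings_dir, requested_name)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(text, encoding="utf-8")
    return target
```

Keeping the settings directory separate from the directory that holds the application's Python files means that even an accepted filename cannot collide with a script the application later executes.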
Recommendations
Update to version 4.1.1 or later.
Fix
Path traversal
Affected Products
Text-Generation-Webui