PT-2026-30856 · Unknown · Text-Generation-Webui
Programsurf
+2
·
Published
2026-04-07
·
Updated
2026-04-07
·
CVE-2026-35483
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
text-generation-webui versions prior to 4.3
Description
text-generation-webui is an open-source web interface for running Large Language Models. A path traversal flaw exists in the
load template() function that allows an unauthenticated attacker to read files with the extensions .jinja, .jinja2, .yaml, or .yml from any location on the server's filesystem. For .jinja files, the content is returned directly. For .yaml files, a parsed key is extracted.Recommendations
Update to version 4.3 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Text-Generation-Webui