PT-2026-30860 · Unknown · Text-Generation-Webui

Programsurf

Published

2026-04-07

Updated

2026-04-07

CVE-2026-35487

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions text-generation-webui versions prior to 4.3

Description text-generation-webui is an open-source web interface for running Large Language Models. A path traversal flaw exists in the load prompt() function, allowing unauthenticated users to read any .txt file on the server filesystem. The content of the file is directly returned in the API response.

Recommendations Update to version 4.3 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-35487

Affected Products

Text-Generation-Webui

PT-2026-30860 · Unknown · Text-Generation-Webui

CVE-2026-35487

Weakness Enumeration

Related Identifiers

Affected Products

References · 4