CVE-2026-35485
- EPSS 0.68%
- Veröffentlicht 07.04.2026 14:47:37
- Zuletzt bearbeitet 28.04.2026 20:41:33
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the server filesystem with no extension restriction. G...
CVE-2026-35484
- EPSS 0.32%
- Veröffentlicht 07.04.2026 14:46:42
- Zuletzt bearbeitet 28.04.2026 21:39:46
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the server filesystem. The parsed YAML key-value ...
CVE-2026-35483
- EPSS 0.33%
- Veröffentlicht 07.04.2026 14:45:07
- Zuletzt bearbeitet 24.04.2026 15:15:43
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template() allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhe...
CVE-2026-35050
- EPSS 0.44%
- Veröffentlicht 06.04.2026 17:30:20
- Zuletzt bearbeitet 22.04.2026 19:28:04
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download...