CVE-2026-35050 (GCVE-0-2026-35050)

Vulnerability from cvelistv5 – Published: 2026-04-06 17:30 – Updated: 2026-04-07 14:30
VLAI?
Title
text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session -> Save extention settings to user_data/settings.yaml".
Summary
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, this python file can be triggered to get executed from "Model" menu when requesting to download a new model. This vulnerability is fixed in 4.1.1.
Severity ?
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Vendor Product Version
oobabooga text-generation-webui Affected: < 4.1.1
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35050",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-07T14:29:45.992340Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-07T14:30:04.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "text-generation-webui",
          "vendor": "oobabooga",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in \"py\" format and in the app root directory. This allows to overwrite python files, for instance the \"download-model.py\" file could be overwritten. Then, this python file can be triggered to get executed from \"Model\" menu when requesting to download a new model. This vulnerability is fixed in 4.1.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-06T17:30:20.513Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jg96-p5p6-q3cv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jg96-p5p6-q3cv"
        }
      ],
      "source": {
        "advisory": "GHSA-jg96-p5p6-q3cv",
        "discovery": "UNKNOWN"
      },
      "title": "text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at \"Session -\u003e Save extention settings to user_data/settings.yaml\"."
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-35050",
    "datePublished": "2026-04-06T17:30:20.513Z",
    "dateReserved": "2026-03-31T21:06:06.429Z",
    "dateUpdated": "2026-04-07T14:30:04.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-35050",
      "date": "2026-04-23",
      "epss": "0.00083",
      "percentile": "0.24189"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-35050\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-06T18:16:42.583\",\"lastModified\":\"2026-04-22T19:28:04.707\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in \\\"py\\\" format and in the app root directory. This allows to overwrite python files, for instance the \\\"download-model.py\\\" file could be overwritten. Then, this python file can be triggered to get executed from \\\"Model\\\" menu when requesting to download a new model. This vulnerability is fixed in 4.1.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oobabooga:textgen:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.1\",\"matchCriteriaId\":\"8721B2AD-FA53-4979-8E7A-68D571B91D82\"}]}]}],\"references\":[{\"url\":\"https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jg96-p5p6-q3cv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-35050\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-07T14:29:45.992340Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-07T14:29:54.585Z\"}}], \"cna\": {\"title\": \"text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at \\\"Session -\u003e Save extention settings to user_data/settings.yaml\\\".\", \"source\": {\"advisory\": \"GHSA-jg96-p5p6-q3cv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"oobabooga\", \"product\": \"text-generation-webui\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.1.1\"}]}], \"references\": [{\"url\": \"https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jg96-p5p6-q3cv\", \"name\": \"https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jg96-p5p6-q3cv\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in \\\"py\\\" format and in the app root directory. This allows to overwrite python files, for instance the \\\"download-model.py\\\" file could be overwritten. Then, this python file can be triggered to get executed from \\\"Model\\\" menu when requesting to download a new model. This vulnerability is fixed in 4.1.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-06T17:30:20.513Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-35050\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-07T14:30:04.932Z\", \"dateReserved\": \"2026-03-31T21:06:06.429Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-06T17:30:20.513Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.