CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-35483

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template() allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files the content is returned verbatim; for .yaml files a parsed key is extracted. This vulnerability is fixed in 4.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.9%

CVSS Severity

CVSS v3 Score 5.3

References

https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-85fx-vw25-4c95

Products affected by CVE-2026-35483

Oobabooga » Textgen » Version: Any

cpe:2.3:a:oobabooga:textgen:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-35483

Products

Pricing

Contact Us