CVE-2026-35483 Overview
CVE-2026-35483 is a path traversal vulnerability affecting text-generation-webui, an open-source web interface for running Large Language Models (LLMs). Prior to version 4.3, an unauthenticated path traversal vulnerability in the load_template() function allows remote attackers to read files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files, the content is returned verbatim; for .yaml files, a parsed key is extracted.
Critical Impact
Unauthenticated attackers can exploit this vulnerability to read sensitive configuration files and templates from arbitrary locations on the server, potentially exposing credentials, API keys, and other sensitive information stored in YAML or Jinja template files.
Affected Products
- text-generation-webui versions prior to 4.3
- Deployments with network-accessible web interfaces
- Installations without additional authentication layers
Discovery Timeline
- 2026-04-07 - CVE CVE-2026-35483 published to NVD
- 2026-04-08 - Last updated in NVD database
Technical Details for CVE-2026-35483
Vulnerability Analysis
This vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as a path traversal or directory traversal vulnerability. The flaw exists in the load_template() function which fails to properly validate and sanitize user-supplied file paths before processing template files.
The vulnerability allows unauthenticated remote attackers to traverse outside the intended template directory by manipulating the file path parameter. The attack is limited to files with specific extensions (.jinja, .jinja2, .yaml, .yml), but this still represents a significant information disclosure risk as many applications store sensitive configuration data in YAML files and use Jinja templates that may contain hardcoded secrets or reveal system architecture.
Root Cause
The root cause of this vulnerability is insufficient input validation in the load_template() function. The function accepts user-supplied input for the template path but fails to properly sanitize path traversal sequences (such as ../) or validate that the resolved path remains within the intended template directory. This allows attackers to construct malicious paths that escape the template directory and access files elsewhere on the filesystem.
Attack Vector
The vulnerability is exploitable over the network without requiring authentication. An attacker can craft HTTP requests containing path traversal sequences to read arbitrary files with the allowed extensions. The attack complexity is low as it only requires knowledge of standard path traversal techniques.
For .jinja and .jinja2 files, the raw content is returned directly to the attacker. For .yaml and .yml files, the application parses the YAML content and returns extracted key values, which could expose sensitive configuration parameters, database credentials, API tokens, or other secrets commonly stored in YAML configuration files.
The vulnerability mechanism involves manipulating the template path parameter to include directory traversal sequences like ../../../etc/application/config.yaml. Since the load_template() function does not properly validate that the final resolved path remains within the template directory, it processes files from arbitrary filesystem locations. For technical details and proof-of-concept information, refer to the GitHub Security Advisory.
Detection Methods for CVE-2026-35483
Indicators of Compromise
- HTTP requests to the web interface containing path traversal sequences (../, ..%2f, %2e%2e/) in template-related parameters
- Unusual access patterns to the load_template endpoint or related API routes
- Web server logs showing requests attempting to access files outside the normal template directory structure
- Error messages or responses indicating file access attempts to system directories
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block path traversal patterns in HTTP requests
- Monitor application logs for requests containing encoded or unencoded directory traversal sequences
- Configure intrusion detection systems (IDS) to alert on path traversal attack signatures targeting the web interface
- Audit web server access logs for anomalous requests to template loading endpoints
Monitoring Recommendations
- Enable verbose logging for the text-generation-webui application to capture detailed request information
- Set up alerts for any HTTP 200 responses to requests containing suspicious path sequences
- Monitor file access patterns at the operating system level for unexpected reads of configuration files
- Review application logs regularly for patterns indicating reconnaissance or exploitation attempts
How to Mitigate CVE-2026-35483
Immediate Actions Required
- Upgrade text-generation-webui to version 4.3 or later immediately
- Implement network segmentation to restrict access to the web interface from untrusted networks
- Deploy a web application firewall (WAF) with path traversal detection rules as a defense-in-depth measure
- Review server logs to identify any potential exploitation attempts prior to patching
Patch Information
The vulnerability is fixed in text-generation-webui version 4.3. Organizations should upgrade to this version or later to remediate the vulnerability. The patch addresses the improper input validation in the load_template() function by implementing proper path sanitization and validation to prevent directory traversal attacks.
For detailed patch information and release notes, refer to the GitHub Security Advisory.
Workarounds
- Restrict network access to the text-generation-webui interface using firewall rules, limiting access to trusted IP addresses only
- Implement authentication at the network layer (e.g., VPN, reverse proxy with authentication) if the application cannot be immediately upgraded
- Deploy a reverse proxy with strict path validation rules to filter malicious requests before they reach the application
- Consider running the application in a containerized environment with limited filesystem access to reduce the impact of potential exploitation
# Example: Restrict access using iptables
# Allow only trusted IP ranges to access the web interface port
iptables -A INPUT -p tcp --dport 7860 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 7860 -s 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -p tcp --dport 7860 -j DROP
: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
