CVE-2026-35484 Overview
CVE-2026-35484 is a path traversal vulnerability in text-generation-webui, an open-source web interface for running Large Language Models. Prior to version 4.3, an unauthenticated path traversal vulnerability in the load_preset() function allows attackers to read any .yaml file on the server filesystem. The parsed YAML key-value pairs, which may contain sensitive information such as passwords, API keys, and connection strings, are returned in the API response, leading to potential information disclosure.
Critical Impact
Unauthenticated attackers can exploit this path traversal vulnerability to access sensitive configuration files containing credentials, API keys, and connection strings from the server filesystem.
Affected Products
- text-generation-webui versions prior to 4.3
Discovery Timeline
- 2026-04-07 - CVE CVE-2026-35484 published to NVD
- 2026-04-08 - Last updated in NVD database
Technical Details for CVE-2026-35484
Vulnerability Analysis
This vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as Path Traversal. The vulnerability exists in the load_preset() function which fails to properly sanitize user-supplied input before using it to construct file paths. This allows an unauthenticated remote attacker to manipulate the path parameter to traverse outside the intended directory structure.
The attack surface is particularly concerning because the function parses YAML files and returns their contents in the API response. Since many YAML configuration files on servers contain sensitive credentials, database connection strings, and API keys, successful exploitation can lead to significant information disclosure without requiring any authentication.
Root Cause
The root cause of this vulnerability lies in insufficient input validation and sanitization in the load_preset() function. The function accepts user-controlled input to specify which preset file to load but does not properly restrict the file path to the intended preset directory. By using directory traversal sequences such as ../, an attacker can escape the preset directory and access arbitrary .yaml files anywhere on the filesystem that the web application has read permissions to access.
Attack Vector
The attack vector is network-based, meaning an unauthenticated remote attacker can exploit this vulnerability by sending crafted HTTP requests to the vulnerable API endpoint. The attacker manipulates the preset path parameter by injecting path traversal sequences (e.g., ../../../etc/config.yaml) to access YAML configuration files outside the intended directory.
The vulnerability is particularly dangerous because:
- No authentication required - Any network-accessible instance is vulnerable
- Direct credential exposure - YAML files often contain plaintext credentials
- API response leak - Sensitive file contents are returned directly to the attacker
- LLM infrastructure risk - AI/ML deployments often have access to valuable API keys and cloud credentials
For technical details and proof of concept, refer to the GitHub Security Advisory.
Detection Methods for CVE-2026-35484
Indicators of Compromise
- HTTP requests to preset loading endpoints containing path traversal sequences such as ../, ..%2f, or ..%5c
- Unusual API requests targeting the load_preset() functionality with non-standard file paths
- Access attempts to sensitive YAML files outside the designated preset directory in application logs
- Unexpected outbound network connections following credential exposure
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block path traversal patterns in request parameters
- Monitor application logs for requests containing directory traversal sequences targeting preset endpoints
- Deploy file integrity monitoring on sensitive configuration files to detect unauthorized read access
- Enable verbose logging on the text-generation-webui application to capture all preset loading attempts
Monitoring Recommendations
- Configure alerting for any requests containing encoded or double-encoded path traversal sequences
- Monitor authentication logs for suspicious activity that may indicate use of stolen credentials
- Establish baseline API usage patterns and alert on anomalous preset loading requests
- Review cloud provider audit logs for unusual API key usage following potential exposure
How to Mitigate CVE-2026-35484
Immediate Actions Required
- Upgrade text-generation-webui to version 4.3 or later immediately
- Restrict network access to text-generation-webui instances using firewall rules or network segmentation
- Rotate any credentials, API keys, or secrets that may have been exposed in YAML configuration files
- Audit access logs for evidence of prior exploitation attempts
Patch Information
The vulnerability is fixed in text-generation-webui version 4.3. Organizations should update to this version or later to remediate the vulnerability. For additional details about the security fix, see the GitHub Security Advisory.
Workarounds
- Deploy text-generation-webui behind a reverse proxy with authentication to prevent unauthenticated access
- Implement network-level access controls to restrict which hosts can connect to the web interface
- Move sensitive configuration files outside directories accessible to the web application where possible
- Monitor and restrict file system permissions to limit the scope of potential exposure
: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
