SB2026042411 - Multiple vulnerabilities in Text Generation Web UI
Published: April 24, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 vulnerabilities.
1) Improper access control (CVE-ID: N/A)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper access control in file path validation logic when handling file or directory path requests. A remote attacker can alter the letter case of a blocked file or directory path to disclose sensitive information.
Exploitation is limited to case-insensitive file systems such as those used by Windows and macOS, and does not affect Linux.
2) Path traversal (CVE-ID: CVE-2026-35484)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to path traversal in load_preset() in modules/presets.py when processing a crafted preset name through the API. A remote attacker can send a specially crafted request to disclose sensitive information.
The issue is limited to reading files with a .yaml extension, and the parsed key-value pairs are returned in the API response.
3) Path traversal (CVE-ID: CVE-2026-35485)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to path traversal in load_grammar() in modules/ui_parameters.py when handling crafted requests to the /gradio_api/call/load_grammar endpoint. A remote attacker can send a specially crafted request with directory traversal sequences to disclose sensitive information.
Because the submitted dropdown value is not server-side validated and no file extension is appended, any file readable by the server process may be returned.
4) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-35486)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to server-side request forgery in the superbooga and superboogav2 URL fetching functionality when processing user-supplied URLs. A remote attacker can submit a crafted URL to disclose sensitive information.
The fetched content is stored in the RAG pipeline and can become visible in subsequent LLM responses.
5) Path traversal (CVE-ID: CVE-2026-35483)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to path traversal in load_template() when processing a crafted template name in an API request. A remote attacker can send a specially crafted request to disclose sensitive information.
The issue can expose readable .jinja, .jinja2, .yaml, or .yml files outside the intended instruction-templates directory; .jinja and .jinja2 content is returned verbatim, while yaml-based files return the instruction_template key.
6) Path traversal (CVE-ID: CVE-2026-35487)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to path traversal in load_prompt() when handling a crafted API request for a prompt filename. A remote attacker can send a specially crafted request with directory traversal sequences to disclose sensitive information.
The issue is limited to reading .txt files, and the file content is returned verbatim in the API response.
7) Improper Handling of Case Sensitivity (CVE-ID: N/A)
CWE-ID: CWE-178 - Improper Handling of Case Sensitivity
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper access control in file path validation logic when handling file or directory paths. A remote attacker can alter the letter case of a blocked file or directory path to disclose sensitive information.
Only case-insensitive file systems, such as those commonly used by Windows and macOS, are affected; Linux is not affected.
Remediation
Install update from vendor's website.
References
- https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-r2qq-p5wg-gf5g
- https://github.com/oobabooga/textgen/security/advisories/GHSA-r2qq-p5wg-gf5g
- https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-w3cv-4447-5hf5
- https://github.com/advisories/GHSA-w3cv-4447-5hf5
- https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-hqg5-487v-5mc6
- https://github.com/advisories/GHSA-hqg5-487v-5mc6
- https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jvrj-w5hq-6cp2
- https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-85fx-vw25-4c95
- https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-mfgg-vvc6-vqq7