Path traversal in Text Generation Web UI - CVE-2026-35050

 

Published: April 24, 2026


Vulnerability identifier: #VU127417
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-35050
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: oobabooga
Affected software:
Text Generation Web UI

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to path traversal in the extension settings save functionality when handling crafted file path and file content input. A remote privileged user can overwrite Python files in the application root directory to execute arbitrary code.

Exploitation can be triggered when the overwritten file is later invoked from the Model menu during a model download operation.
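A defensive sketch of the containment check a settings-save handler needs against this bug class. This is an added example, not code from Text Generation Web UI or its security update; the function names, the suffix allow-list and the directory layout are assumptions.

```python
import tempfile
from pathlib import Path

# Assumption: extension settings are data files, never executable code.
ALLOWED_SUFFIXES = {".yaml", ".yml", ".json"}

class UnsafePathError(ValueError):
    """The requested path leaves the settings directory or has a bad type."""

def resolve_settings_path(base_dir, user_path):
    """Return the resolved target inside base_dir, or raise UnsafePathError."""
    base = Path(base_dir).resolve()
    # An absolute user_path replaces base in the join, and ".." segments or
    # symlinks can climb out of it, so resolve first and then check containment.
    target = (base / user_path).resolve()
    if base not in target.parents:
        raise UnsafePathError(f"path escapes settings directory: {user_path!r}")
    if target.suffix.lower() not in ALLOWED_SUFFIXES:
        raise UnsafePathError(f"file type not allowed: {target.suffix!r}")
    return target

def save_settings(base_dir, user_path, content):
    """Write content to a validated settings file and return its path."""
    target = resolve_settings_path(base_dir, user_path)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content, encoding="utf-8")
    return target

def demo():
    """Try constructed requests against a temporary tree; return the outcomes."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as root:
        settings_dir = Path(root) / "app" / "settings"   # constructed layout
        settings_dir.mkdir(parents=True)
        module = Path(root) / "app" / "app_module.py"    # constructed target
        module.write_text("print('original')\n", encoding="utf-8")
        requests = {"inside": "my_ext/settings.yaml", "dotdot": "../app_module.py",
                    "absolute": str(module), "python": "my_ext/hook.py"}
        for label, path in requests.items():
            try:
                save_settings(settings_dir, path, "key: value\n")
                outcomes[label] = "written"
            except UnsafePathError:
                outcomes[label] = "rejected"
        outcomes["module_intact"] = module.read_text(encoding="utf-8") == "print('original')\n"
    return outcomes

if __name__ == "__main__":
    print(demo())
```

The suffix allow-list is a second layer: even a path that stays inside the settings directory cannot place a `.py` file there.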


How to mitigate CVE-2026-35050

Install the security update from the vendor's website.
