{"data":{"id":"8e3c23fb-1bb4-4855-a468-c223506729b5","title":"CVE-2026-35484: text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticate","summary":"CVE-2026-35484 is a path traversal vulnerability (a bug where an attacker can access files outside the intended folder) in text-generation-webui, an open-source tool for running large language models through a web interface. Before version 4.3, attackers could read any .yaml file (a configuration file format) on the server without needing to log in, potentially exposing sensitive data like passwords and API keys in the response.","solution":"This vulnerability is fixed in version 4.3. Users should update text-generation-webui to version 4.3 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-35484","publishedAt":"2026-04-07T15:17:45.530Z","cveId":"CVE-2026-35484","cweIds":["CWE-22"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["text-generation-webui"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-07T15:17:45.530Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}