{"data":{"id":"e1ce7988-b305-4c89-81c9-897ebc8b37a8","title":"CVE-2026-35050: text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save ","summary":"text-generation-webui is an open-source web interface for running Large Language Models (AI systems that generate text). Before version 4.1.1, the application allowed users to save extension settings as Python files (code files that run on servers) in the main app directory, which could let attackers overwrite important Python files like 'download-model.py' and execute malicious code when users tried to download a new model.","solution":"This vulnerability is fixed in version 4.1.1.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-35050","publishedAt":"2026-04-06T18:16:42.583Z","cveId":"CVE-2026-35050","cweIds":["CWE-22"],"cvssScore":"9.1","cvssSeverity":"critical","severity":"critical","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["text-generation-webui"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"high","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-06T18:16:42.583Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}