Path Traversal in Oobabooga Text-generation-webui
CVE-2026-35050
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance th…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.001 (26.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Oobabooga Text-generation-webui — versions < 4.1.1
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2026-35050?
- CVE-2026-35050 is a critical-severity vulnerability in Oobabooga Text-generation-webui, classified under Path Traversal. CVSS score: 9.1/10. Published 2026-04-06.
- How severe is CVE-2026-35050?
- Critical severity. CVSS v3 base score is 9.1 out of 10.