VYPR

Textgen

by Oobabooga

Source repositories

CVEs (4)

  • CVE-2026-35050CriApr 6, 2026
    risk 0.52cvss 9.1epss 0.00

    text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be…

  • CVE-2026-35485HigApr 7, 2026
    risk 0.42cvss 7.5epss 0.01

    text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side…

  • CVE-2026-35484MedApr 7, 2026
    risk 0.27cvss 5.3epss 0.00

    text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs (including passwords,…

  • CVE-2026-35483MedApr 7, 2026
    risk 0.27cvss 5.3epss 0.00

    text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template() allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem.…