Cyber Resilience

CVE-2026-35485

High

Published: 07 April 2026

Published
07 April 2026
Modified
08 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0041 61.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-35485 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 38.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-35485 is an unauthenticated path traversal vulnerability in the load_grammar() function of text-generation-webui, an open-source web interface for running Large Language Models. Versions prior to 4.3 are affected, where the vulnerability stems from a lack of server-side validation of dropdown values in Gradio, allowing arbitrary file reads on the server filesystem without extension restrictions.

An unauthenticated remote attacker can exploit this by sending POST requests with directory traversal payloads, such as "../../../etc/passwd", via the API endpoint. Successful exploitation results in the full contents of the targeted file being returned in the response, enabling unauthorized access to sensitive data like configuration files or system information.

The GitHub security advisory for text-generation-webui states that the vulnerability is fixed in version 4.3, recommending users upgrade to this or later versions for mitigation.

This issue is particularly relevant to deployments of AI/ML inference tools, as text-generation-webui is commonly used to host LLM interfaces exposed over networks. No real-world exploitation has been reported in available sources.

EU & UK References

Vulnerability details

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown values,…

more

so an attacker can POST directory traversal payloads (e.g., ../../../etc/passwd) via the API and receive the full file contents in the response. This vulnerability is fixed in 4.3.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: gradio, text-generation-webui

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Unauthenticated path traversal in public-facing web UI (Gradio) enables remote arbitrary file reads, directly mapping to T1190 (Exploit Public-Facing Application) for initial access and T1005 (Data from Local System) for retrieving sensitive files like configs or system data.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-12824Shared CWE-22
CVE-2026-25965Shared CWE-22
CVE-2025-30567Shared CWE-22
CVE-2025-27098Shared CWE-22
CVE-2024-55457Shared CWE-22
CVE-2024-54909Shared CWE-22
CVE-2026-3405Shared CWE-22
CVE-2025-41368Shared CWE-22
CVE-2026-23850Shared CWE-22
CVE-2024-13471Shared CWE-22

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the lack of server-side validation in load_grammar() by requiring validation of dropdown inputs to block directory traversal payloads like ../../../etc/passwd.

prevent

Mitigates the vulnerability by requiring identification, reporting, and correction of the specific flaw fixed in text-generation-webui version 4.3.

prevent

Enforces logical access controls to limit file reads to authorized resources, countering unauthorized access enabled by the path traversal vulnerability.

References