{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-35486/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-35486"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ssrf","text-generation-webui","cve-2026-35486","cloud"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe text-generation-webui application is an open-source web interface for running Large Language Models (LLMs). Prior to version 4.3, the superbooga and superboogav2 RAG (Retrieval-Augmented Generation) extensions are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. These extensions fetch user-provided URLs using the \u003ccode\u003erequests.get()\u003c/code\u003e function without proper validation. Specifically, there are no checks for URL schemes (e.g., \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003egopher://\u003c/code\u003e), IP address filtering, or hostname whitelisting. This lack of validation allows a malicious actor to craft URLs that target internal resources, cloud metadata endpoints (e.g., AWS, Azure, GCP), and other sensitive services. Successful exploitation can lead to the exfiltration of sensitive data, including IAM credentials, and allow an attacker to probe internal network infrastructure. Version 4.3 of text-generation-webui addresses this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an instance of text-generation-webui running a vulnerable version (prior to 4.3) with the superbooga or superboogav2 RAG extension enabled.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious URL targeting a cloud metadata endpoint (e.g., \u003ccode\u003ehttp://169.254.169.254/latest/meta-data/iam/security-credentials/\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious URL into a text-generation-webui RAG extension user input field.\u003c/li\u003e\n\u003cli\u003eThe application, using the \u003ccode\u003erequests.get()\u003c/code\u003e function, fetches the content from the attacker-controlled URL without validation.\u003c/li\u003e\n\u003cli\u003eThe cloud metadata, containing potentially sensitive information like temporary IAM credentials, is retrieved by the application.\u003c/li\u003e\n\u003cli\u003eThe retrieved data is processed through the RAG pipeline.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the RAG pipeline to extract the content from the application.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the exfiltrated credentials to access and compromise other resources within the victim\u0026rsquo;s cloud environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35486 can have significant consequences. An attacker can potentially gain unauthorized access to cloud resources by stealing IAM credentials. This could lead to data breaches, service disruption, and financial loss. The vulnerability affects any text-generation-webui instance running a version prior to 4.3 with the vulnerable RAG extensions enabled, impacting individuals and organizations utilizing this software for LLM-based applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade text-generation-webui to version 4.3 or later to remediate the SSRF vulnerability (CVE-2026-35486).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect text-generation-webui SSRF Attempt\u0026rdquo; to your SIEM to detect exploitation attempts targeting cloud metadata endpoints.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for outbound connections to internal IP addresses (e.g., 169.254.169.254) originating from the text-generation-webui application.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T16:16:26Z","date_published":"2026-04-07T16:16:26Z","id":"/briefs/2026-04-text-generation-webui-ssrf/","summary":"The text-generation-webui application before version 4.3 is vulnerable to server-side request forgery (SSRF) due to insufficient validation of user-supplied URLs by the superbooga and superboogav2 RAG extensions, potentially leading to credential theft and internal network reconnaissance.","title":"text-generation-webui SSRF Vulnerability (CVE-2026-35486)","url":"https://feed.craftedsignal.io/briefs/2026-04-text-generation-webui-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-35486","version":"https://jsonfeed.org/version/1.1"}