<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cve-2026-35486 — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-35486/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 07 Apr 2026 16:16:26 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-35486/feed.xml" rel="self" type="application/rss+xml"/><item><title>text-generation-webui SSRF Vulnerability (CVE-2026-35486)</title><link>https://feed.craftedsignal.io/briefs/2026-04-text-generation-webui-ssrf/</link><pubDate>Tue, 07 Apr 2026 16:16:26 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-04-text-generation-webui-ssrf/</guid><description>The text-generation-webui application before version 4.3 is vulnerable to server-side request forgery (SSRF) due to insufficient validation of user-supplied URLs by the superbooga and superboogav2 RAG extensions, potentially leading to credential theft and internal network reconnaissance.</description><content:encoded><![CDATA[<p>The text-generation-webui application is an open-source web interface for running Large Language Models (LLMs). Prior to version 4.3, the superbooga and superboogav2 RAG (Retrieval-Augmented Generation) extensions are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. These extensions fetch user-provided URLs using the <code>requests.get()</code> function without proper validation. 
Specifically, there are no checks for URL schemes (e.g., <code>file://</code>, <code>gopher://</code>), IP address filtering, or hostname whitelisting. This lack of validation allows a malicious actor to craft URLs that target internal resources, cloud metadata endpoints (e.g., AWS, Azure, GCP), and other sensitive services. Successful exploitation can lead to the exfiltration of sensitive data, including IAM credentials, and allow an attacker to probe internal network infrastructure. Version 4.3 of text-generation-webui addresses this vulnerability.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker identifies an instance of text-generation-webui running a vulnerable version (prior to 4.3) with the superbooga or superboogav2 RAG extension enabled.</li>
<li>The attacker crafts a malicious URL targeting a cloud metadata endpoint (e.g., <code>http://169.254.169.254/latest/meta-data/iam/security-credentials/</code>).</li>
<li>The attacker injects the malicious URL into a text-generation-webui RAG extension user input field.</li>
<li>The application, using the <code>requests.get()</code> function, fetches the content from the attacker-supplied URL without validation.</li>
<li>The cloud metadata, containing potentially sensitive information like temporary IAM credentials, is retrieved by the application.</li>
<li>The retrieved data is processed through the RAG pipeline.</li>
<li>The attacker leverages the RAG pipeline to extract the content from the application.</li>
<li>The attacker uses the exfiltrated credentials to access and compromise other resources within the victim&rsquo;s cloud environment.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-35486 can have significant consequences. An attacker can potentially gain unauthorized access to cloud resources by stealing IAM credentials. This could lead to data breaches, service disruption, and financial loss. The vulnerability affects any text-generation-webui instance running a version prior to 4.3 with the vulnerable RAG extensions enabled, impacting individuals and organizations utilizing this software for LLM-based applications.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade text-generation-webui to version 4.3 or later to remediate the SSRF vulnerability (CVE-2026-35486).</li>
<li>Deploy the Sigma rule &ldquo;Detect text-generation-webui SSRF Attempt&rdquo; to your SIEM to detect exploitation attempts targeting cloud metadata endpoints.</li>
<li>Monitor web server logs for outbound connections to internal IP addresses (e.g., 169.254.169.254) originating from the text-generation-webui application.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>ssrf</category><category>text-generation-webui</category><category>cve-2026-35486</category><category>cloud</category></item></channel></rss>