Platform
nodejs
Component
sillytavern
Fixed in
1.17.1
1.17.0
CVE-2026-34522 represents a Path Traversal vulnerability discovered in SillyTavern, specifically within the /api/chats/import endpoint. This flaw allows an authenticated attacker to write files to arbitrary locations on the system by manipulating the character_name parameter, bypassing intended directory restrictions. The vulnerability impacts SillyTavern versions before 1.17.0, and a patch is available in version 1.17.0.
A path traversal vulnerability in /api/chats/import of SillyTavern (CVE-2026-34522) allows an authenticated attacker to write attacker-controlled files outside the intended chats directory. This is achieved by injecting path traversal sequences into the charactername parameter. If an attacker can authenticate to SillyTavern, they can potentially overwrite critical system files or configuration files, potentially leading to remote code execution or denial of service. The CVSS score of 8.1 indicates a significant risk, especially in environments where authentication is weak or the attack surface is broad. The vulnerability lies in the way charactername is used without proper validation when constructing the destination file path.
An attacker needs to have authenticated access to the SillyTavern API to exploit this vulnerability. This could be achieved by using valid credentials or, in some cases, exploiting other vulnerabilities in the authentication system. Once authenticated, the attacker can send a POST request to /api/chats/import with a character_name that contains path traversal sequences, such as ../, to write files outside the intended chats directory. The success of the exploitation depends on the authenticated user's permissions on the underlying file system.
Exploit Status
EPSS
0.06% (19% percentile)
CISA SSVC
The solution to this vulnerability is to update SillyTavern to version 1.17.0 or later. This version includes a fix that sanitizes the character_name input before it is used to construct the file path. Additionally, robust user input validation should be implemented throughout the application, especially in API endpoints that handle files. Regularly audit code for potential path traversal vulnerabilities and use static analysis tools to help identify these issues. Restrict file access permissions to minimize the potential impact of a successful exploitation.
Update SillyTavern to version 1.17.0 or higher. This version fixes the path traversal vulnerability that allows file writing outside the intended chat directory.
Vulnerability analysis and critical alerts directly to your inbox.
Path traversal is a vulnerability that allows an attacker to access files or directories outside of the intended directory.
Users could experience data loss, remote code execution, or denial of service if an attacker successfully exploits the vulnerability.
Immediately update to version 1.17.0 or later.
While not recommended, restricting file access permissions may help mitigate the impact.
Yes, all SillyTavern installations using versions prior to 1.17.0 are vulnerable.
CVSS Vector
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.