Platform
nodejs
Component
sillytavern
Fixed in
1.17.1
1.17.0
CVE-2026-34524 represents a Path Traversal vulnerability discovered within the chat endpoints of SillyTavern. An attacker, after authentication, can exploit this flaw to read and even delete arbitrary files located within the user's data directory, potentially exposing sensitive information like configuration files or credentials. This vulnerability primarily affects versions of SillyTavern released before version 1.17.0, and a patch addressing this issue has been released by the developers.
A Path Traversal vulnerability in SillyTavern's chat endpoints allows an authenticated attacker to read and delete arbitrary files within the user's data root. This is achieved by manipulating the avatar_url parameter with sequences like .., which is not correctly blocked by the input validator. The severity of this vulnerability is rated as CVSS 8.3, indicating a significant risk. Potentially compromised files include secrets.json and settings.json, which could expose sensitive information or alter application configuration. Successful exploitation could result in data loss, application behavior modification, and potentially unauthorized access to other system resources.
An authenticated attacker, with access to SillyTavern's chat functions, can exploit this vulnerability by sending a malicious request with an avatarurl value containing path traversal sequences (e.g., avatarurl=../../../../etc/passwd). The current input validator only blocks / and NUL bytes, allowing .. sequences to be interpreted as instructions to navigate up the filesystem’s directory structure. This allows the attacker to access files outside the user's data directory, potentially compromising system security.
Exploit Status
EPSS
0.05% (16% percentile)
CISA SSVC
CVSS Vector
The solution to this vulnerability is to update SillyTavern to version 1.17.0 or later. This version includes a fix that strengthens the input validator for the avatar_url parameter, properly blocking path traversal sequences like ... It is recommended to apply this update as soon as possible to mitigate the risk of exploitation. Additionally, review access policies and permissions within the application to ensure users only have access to necessary resources. Monitoring application logs for suspicious activity can also help detect and respond to potential exploitation attempts.
Update SillyTavern to version 1.17.0 or higher. This corrects the path traversal vulnerability that allows the reading and deletion of arbitrary files within the user data directory.
Vulnerability analysis and critical alerts directly to your inbox.
It's a type of vulnerability that allows an attacker to access files or directories outside the intended directory, using sequences like '..' to navigate the directory structure.
Version 1.17.0 contains a fix that blocks path traversal sequences in the avatar_url parameter, mitigating the vulnerability.
The secrets.json and settings.json files are particularly vulnerable as they may contain sensitive configuration information.
If you can't update immediately, consider restricting access to the application and monitoring logs for suspicious activity.
You can verify the SillyTavern version in the 'About' section of the application.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.