Platform: nodejs
Component: sillytavern
Fixed in: 1.17.1, 1.17.0
CVE-2026-34526 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in SillyTavern AI, a popular chatbot user interface. The flaw allows attackers to potentially reach internal resources by bypassing the application's hostname validation. Versions prior to 1.17.0 are affected; upgrading to the latest version resolves the issue.
The SSRF vulnerability in SillyTavern AI arises from insufficient hostname validation in the search.js endpoint. The check only examines literal IPv4 dotted-quad addresses, so it fails to block hostnames such as localhost, the IPv6 loopback address ([::1]), or DNS names that resolve to internal IPs (e.g., localtest.me). Successful exploitation lets an attacker make the server issue requests to internal services, potentially exposing sensitive data or granting unauthorized access to internal systems. The port check limits exploitation to the default ports (80/443), but internal reconnaissance and access to vulnerable internal services listening on those ports remain a significant risk.
This vulnerability is not currently listed on KEV. The EPSS score is likely low to medium, given the requirement for user interaction and the port restriction. Public proof-of-concept exploits are not yet widely available, but the vulnerability's nature makes it likely that such exploits will emerge. The CVE was published on 2026-04-01.
Exploit Status
EPSS: 0.03% (8th percentile)
CISA SSVC: (none listed)
CVSS Vector: (none listed)
The primary mitigation for CVE-2026-34526 is to upgrade SillyTavern AI to version 1.17.0 or later, which includes the necessary hostname validation fixes. If upgrading is not immediately feasible, consider placing a Web Application Firewall (WAF) or reverse proxy in front of the application with strict hostname filtering rules that block outbound requests to internal addresses. Monitor SillyTavern AI logs for unusual outbound requests, particularly those targeting internal IP addresses or hostnames. Restrict network access to SillyTavern AI to authorized users and systems only.
Update SillyTavern to version 1.17.0 or later. This version corrects the incomplete IP validation in the /api/search/visit API, preventing SSRF attacks via localhost and IPv6.
CVE-2026-34526 is a Server-Side Request Forgery vulnerability in SillyTavern AI versions before 1.17.0, allowing attackers to potentially access internal resources by bypassing hostname validation.
Yes, if you are using SillyTavern AI version 1.16.0 or earlier, you are vulnerable to this SSRF vulnerability.
Upgrade SillyTavern AI to version 1.17.0 or later to resolve the vulnerability. Consider WAF rules as a temporary workaround.
While no active exploitation has been confirmed, the vulnerability's nature makes it likely that exploits will emerge. Monitor your systems closely.
Refer to the SillyTavern AI project's official repository and release notes for the latest security advisories and updates.