PT-2026-29660 · Unknown · Sillytavern
Maru1009 · Published 2026-04-01 · Updated 2026-04-03
CVE-2026-34522
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SillyTavern versions prior to 1.17.0
Description
A path traversal vulnerability exists in the /api/chats/import API endpoint. An authenticated attacker can write files to locations outside the intended chats directory by injecting traversal sequences into the character name parameter. The character name parameter is used without proper sanitization when constructing the destination filename. This allows an attacker to escape the intended directory structure and write files to arbitrary locations, such as /tmp/..., potentially leading to integrity and availability issues.
Recommendations
Upgrade to SillyTavern version 1.17.0 or later.
Exploit
Fix
Path traversal
Related Identifiers
Affected Products
Sillytavern