PT-2026-40547 · Sillytavern
Forimoc · Published 2026-05-12 · Updated 2026-05-29 · CVE-2026-44651
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
SillyTavern versions prior to 1.18.0
Description
SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. A reflected Cross-Site Scripting (XSS) issue exists in the CORS proxy error response. When the fetch(url) call throws, the application returns a 500 response whose body contains the url value without HTML-escaping it. An attacker controls this value through the url parameter of the 'GET /proxy/:url(*)' endpoint. This allows execution of arbitrary JavaScript in the victim's browser context, which could lead to theft of tokens and compromise of session or data integrity.
Recommendations
Update to version 1.18.0.
As a temporary workaround, restrict access to the 'GET /proxy/:url(*)' endpoint to minimize the risk of exploitation.
Fix
XSS
Affected Products
Sillytavern