PT-2026-40548 · Sillytavern+2 · Sillytavern
Forimoc
·
Published
2026-05-12
·
Updated
2026-05-29
·
CVE-2026-44652
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
SillyTavern versions prior to 1.18.0
Description
SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. The
corsProxyMiddleware function forwards the url variable from req.params.url directly into a fetch() operation. This process only blocks circular requests to its own host and fails to enforce destination allowlists or private/loopback restrictions, leading to Server-Side Request Forgery (SSRF), a flaw where a server is tricked into making unauthorized requests to internal or external resources. This issue occurs at the '/proxy/:url(*)' endpoint. An attacker can use this to pivot network access, reach unintended internal resources, access internal network services or metadata endpoints, and exfiltrate sensitive responses.Recommendations
Update to version 1.18.0.
Enable and properly configure the Private Request Whitelisting filter, especially when the instance is hosted over a network.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sillytavern