{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34522", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T16:03:31.048Z", "datePublished": "2026-04-02T17:13:44.322Z", "dateUpdated": "2026-04-02T19:00:48.579Z"}, "containers": {"cna": {"title": "SillyTavern: Path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-xvww-xhx6-22pf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-xvww-xhx6-22pf"}, {"name": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0"}], "affected": [{"vendor": "SillyTavern", "product": "SillyTavern", "versions": [{"version": "< 1.17.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T17:13:44.322Z"}, "descriptions": [{"lang": "en", "value": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character_name. This issue has been patched in version 1.17.0."}], "source": {"advisory": "GHSA-xvww-xhx6-22pf", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T19:00:38.994339Z", "id": "CVE-2026-34522", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T19:00:48.579Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34522", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T19:00:38.994339Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T19:00:44.311Z"}}], "cna": {"title": "SillyTavern: Path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory", "source": {"advisory": "GHSA-xvww-xhx6-22pf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "SillyTavern", "product": "SillyTavern", "versions": [{"status": "affected", "version": "< 1.17.0"}]}], "references": [{"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-xvww-xhx6-22pf", "name": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-xvww-xhx6-22pf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0", "name": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character_name. This issue has been patched in version 1.17.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T17:13:44.322Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34522", "state": "PUBLISHED", "dateUpdated": "2026-04-02T19:00:48.579Z", "dateReserved": "2026-03-30T16:03:31.048Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T17:13:44.322Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sillytavern:sillytavern:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7E2E14B3-75EF-4DC4-84BE-8C2F5D6949A4", "versionEndExcluding": "1.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character_name. This issue has been patched in version 1.17.0."}], "id": "CVE-2026-34522", "lastModified": "2026-04-13T18:34:46.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T18:16:29.453", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"], "url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-xvww-xhx6-22pf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.17.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SillyTavern", "source": "cna", "vendor": "SillyTavern"}, "product": "sillytavern", "vendor": "sillytavern"}], "analysis": {"en": {"generated_at": "2026-04-13T19:29:59.165159+00:00", "value": {"mitigation_remediation": ["Upgrade SillyTavern to version 1.17.0 or later.", "Restrict access to /api/chats/import to authorized users only.", "Ensure the chat directory has write permissions only for the application process.", "Monitor logs for unexpected file creation outside the chat directory."], "summary": {"action": "Apply Patch", "impact": "Arbitrary File Write"}, "threat_synthesis": {"affected_systems": "Affected systems are SillyTavern installations in all versions earlier than 1.17.0. Users who run the locally installed application and authenticate to the API before the 1.17.0 release are vulnerable. The problem was fixed in release 1.17.0.", "description_and_impact": "The vulnerability is a path\u2011traversal flaw in the /api/chats/import endpoint of SillyTavern. By injecting directory traversal sequences into the character_name field, an authenticated user can cause the application to write files outside the designated chats directory. This allows the attacker to create or overwrite arbitrary files on the system, potentially enabling code execution, data exfiltration, or other abuses. The weakness is classified as CWE\u201122 and CWE\u201173, resulting in an arbitrary file write that compromises integrity and confidentiality of the host environment.", "risk_and_exploitability": "The CVSS score of 8.1 indicates high severity, but the EPSS score is below 1%, suggesting a low current exploitation probability. Because the flaw requires an authenticated session, the actual risk is limited to users who can log in to the local interface or have local access to the server. The vulnerability is not listed in the CISA KEV catalog, so there are no known exploits yet, but the high severity warrants prompt action."}}}}, "created": "2026-04-03T07:32:22.250502+00:00", "updated": "2026-04-14T16:42:02.446218+00:00", "vendors": ["sillytavern", "sillytavern$PRODUCT$sillytavern"]}