{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34524", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T16:03:31.048Z", "datePublished": "2026-04-02T17:15:22.819Z", "dateUpdated": "2026-04-03T18:12:52.047Z"}, "containers": {"cna": {"title": "SillyTavern: Path traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf"}, {"name": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0"}], "affected": [{"vendor": "SillyTavern", "product": "SillyTavern", "versions": [{"version": "< 1.17.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T17:15:22.819Z"}, "descriptions": [{"lang": "en", "value": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root (for example secrets.json and settings.json) by supplying avatar_url=\"..\". This issue has been patched in version 1.17.0."}], "source": {"advisory": "GHSA-vprr-q85p-79mf", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T18:30:06.582826Z", "id": "CVE-2026-34524", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T18:12:52.047Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34524", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T18:30:06.582826Z"}}}], "references": [{"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:30:15.841Z"}}], "cna": {"title": "SillyTavern: Path traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root", "source": {"advisory": "GHSA-vprr-q85p-79mf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "SillyTavern", "product": "SillyTavern", "versions": [{"status": "affected", "version": "< 1.17.0"}]}], "references": [{"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf", "name": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0", "name": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root (for example secrets.json and settings.json) by supplying avatar_url=\"..\". This issue has been patched in version 1.17.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T17:15:22.819Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34524", "state": "PUBLISHED", "dateUpdated": "2026-04-03T18:12:52.047Z", "dateReserved": "2026-03-30T16:03:31.048Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T17:15:22.819Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sillytavern:sillytavern:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7E2E14B3-75EF-4DC4-84BE-8C2F5D6949A4", "versionEndExcluding": "1.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root (for example secrets.json and settings.json) by supplying avatar_url=\"..\". This issue has been patched in version 1.17.0."}], "id": "CVE-2026-34524", "lastModified": "2026-04-13T18:43:05.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-02T18:16:29.763", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"], "url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory", "Exploit"], "url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.17.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SillyTavern", "source": "cna", "vendor": "SillyTavern"}, "product": "sillytavern", "vendor": "sillytavern"}], "analysis": {"en": {"generated_at": "2026-04-13T19:52:35.160978+00:00", "value": {"mitigation_remediation": ["Upgrade SillyTavern to version 1.17.0 or later."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Read/Deletion"}, "threat_synthesis": {"affected_systems": "SillyTavern versions published before 1.17.0, running locally and accessed via the web interface. Any user who can log in to the local instance can exploit the vulnerable endpoints and impact the user\u2019s data directory.", "description_and_impact": "A path traversal flaw in SillyTavern\u2019s /api/chats/export and /api/chats/delete endpoints allows an authenticated user to read or delete any file beneath the user\u2019s data root, such as secrets.json and settings.json. The weakness is a file path manipulation vulnerability (CWE-22), granting the attacker compromise of confidential data and the ability to alter or destroy user configuration files.", "risk_and_exploitability": "The flaw carries a CVSS score of 8.3, indicating high severity, while the EPSS assessment is below 1%, suggesting a low current likelihood of exploitation. It is not listed in the CISA KEV catalog. The attack requires only a locally authenticated session, so the risk is greatest for users running the application with sufficient privileges, who can trigger the file read or delete operations."}}}}, "created": "2026-04-03T07:32:19.168673+00:00", "updated": "2026-04-14T16:42:00.137223+00:00", "vendors": ["sillytavern", "sillytavern$PRODUCT$sillytavern"]}