CVE-2026-34522
Received Received - Intake
Path Traversal in SillyTavern /api/chats/import Allows File Write

Publication date: 2026-04-02

Last updated on: 2026-04-13

Assigner: GitHub, Inc.

Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character_name. This issue has been patched in version 1.17.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34522
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sillytavern sillytavern to 1.17.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can have a high impact on the integrity and availability of the system.

  • Attackers can create or overwrite files outside the intended directory, potentially injecting malicious files.
  • It can lead to disruption of service or disk abuse by placing files in arbitrary locations.

If combined with other local vulnerabilities, the impact could be more severe.

Compliance Impact

The vulnerability allows an authenticated attacker to write arbitrary files outside the intended directory, potentially injecting malicious files and disrupting availability. This high integrity and availability impact could lead to unauthorized modification or disruption of data.

However, there is no direct information provided about how this vulnerability specifically affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-34522 is a path traversal vulnerability in the SillyTavern application versions up to 1.16.0. It exists in the /api/chats/import endpoint, where an authenticated attacker can manipulate the character_name parameter to include path traversal sequences (like ../../) to write files outside the intended chat directory.

The vulnerability occurs because the character_name input is used unsafely to construct the filename without sanitization, allowing attackers to escape the designated directory and write files anywhere on the filesystem accessible by the service.

Exploitation requires authentication and a valid session, but no user interaction beyond that. The issue was fixed in version 1.17.0 by properly sanitizing the character_name input.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious POST requests to the /api/chats/import endpoint that include path traversal sequences in the character_name parameter.

For example, you can look for HTTP requests where character_name contains sequences like ../../ or similar traversal patterns.

A possible command to detect such attempts in web server logs (assuming logs contain the POST data) could be:

  • grep -i 'character_name=.*\.\./' /path/to/access.log

Additionally, monitoring file system changes outside the intended chats directory, especially creation of files in unexpected locations such as /tmp, may indicate exploitation attempts.

Since the vulnerability requires authentication, reviewing authenticated user activity for unusual import requests with suspicious character_name values is recommended.

Mitigation Strategies

The immediate mitigation step is to upgrade SillyTavern to version 1.17.0 or later, where the vulnerability has been patched by properly sanitizing the character_name input to prevent path traversal.

Until the upgrade can be applied, restrict access to the /api/chats/import endpoint to trusted authenticated users only, and monitor for suspicious activity as described.

Additionally, consider implementing file system monitoring to detect unauthorized file writes outside the intended directories.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34522. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart