CVE-2026-34522
Path Traversal in SillyTavern /api/chats/import Allows File Write
Publication date: 2026-04-02
Last updated on: 2026-04-13
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sillytavern | sillytavern | < 1.17.0 (all releases up to and including 1.16.0; fixed in 1.17.0) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an authenticated attacker to write arbitrary files outside the intended directory, potentially injecting malicious files and disrupting availability. This high integrity and availability impact could lead to unauthorized modification or disruption of data.
However, there is no direct information provided about how this vulnerability specifically affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-34522 is a path traversal vulnerability in SillyTavern versions before 1.17.0 (up to and including 1.16.0). It exists in the /api/chats/import endpoint, where an authenticated attacker can supply a character_name value containing traversal sequences such as ../../ so that the imported chat is written outside the intended chat directory.
The root cause is that character_name is used to build the destination filename without sanitization or a containment check, so the attacker can escape the designated directory and create or overwrite files anywhere the service account has write access.
Exploitation requires a valid authenticated session but no further user interaction. The issue was fixed in version 1.17.0 by sanitizing the character_name input.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring POST requests to the /api/chats/import endpoint whose character_name parameter contains path traversal sequences.
Look for values containing ../ or ..\ and for their URL-encoded forms (%2e%2e%2f, %2e%2e%5c), which a search for the literal string alone will miss.
A possible command for web server or reverse proxy logs is shown below; it only works if request bodies are logged, since a default access log records the request line and not the POST data:
- grep -iE 'character_name=[^&]*(\.\./|\.\.\\|%2e%2e%2f|%2e%2e%5c)' /path/to/access.log
Additionally, monitor the filesystem for new or modified files outside the intended chats directory, especially in unexpected locations such as /tmp, which may indicate successful exploitation.
Since the vulnerability requires authentication, review authenticated user activity for import requests with unusual character_name values.
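The following added example (written for this page, not part of the advisory or of SillyTavern) applies the same detection idea to a few constructed log lines, including URL-encoded and double-encoded variants that a search for the literal ../ would miss. The log format, the body= field, the addresses and the timestamps are assumptions; a real deployment would need body logging enabled at the proxy or in the application for these fields to exist at all.

```javascript
// Added example (not from the advisory or SillyTavern): flag import
// requests whose character_name carries a traversal sequence, decoding
// percent-encoding first so %2e%2e%2f and %252e%252e%252f are caught too.

// '..' only counts as traversal when it is a whole path segment.
const TRAVERSAL = /(^|[\\\/])\.\.([\\\/]|$)/;

// Decode percent-encoding repeatedly (bounded) until the value stops
// changing; malformed escapes stop the loop and the value is kept as-is.
function fullyDecode(value, maxRounds = 3) {
  let current = String(value);
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch (e) { break; }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Pull character_name out of a query string or form-encoded body fragment;
// returns null when the parameter is absent.
function extractCharacterName(text) {
  const m = /(?:^|[?&;\s"])character_name=([^&\s"]*)/.exec(text);
  return m ? m[1] : null;
}

// True when the decoded name contains a '..' segment (either separator).
function hasTraversal(rawName) {
  const decoded = fullyDecode(rawName).replace(/\\/g, '/');
  return TRAVERSAL.test(decoded);
}

// Return the lines that look like traversal attempts against the endpoint.
function findSuspiciousImports(logLines) {
  return logLines.filter((line) => {
    if (!/\bPOST\b/.test(line) || !line.includes('/api/chats/import')) return false;
    const name = extractCharacterName(line);
    return name !== null && hasTraversal(name);
  });
}

// Constructed sample lines (not real traffic); the body="..." field is an
// assumed proxy logging format.
const SAMPLE_LOG = [
  '10.0.0.5 - - [02/Apr/2026:10:01:11 +0000] "POST /api/chats/import HTTP/1.1" 200 body="character_name=Seraphina&file_type=jsonl"',
  '10.0.0.9 - - [02/Apr/2026:10:02:30 +0000] "POST /api/chats/import HTTP/1.1" 200 body="character_name=../../../../tmp/evil&file_type=jsonl"',
  '10.0.0.9 - - [02/Apr/2026:10:02:41 +0000] "POST /api/chats/import HTTP/1.1" 200 body="character_name=%2e%2e%2f%2e%2e%2fetc%2fcron.d%2fjob&file_type=jsonl"',
  '10.0.0.9 - - [02/Apr/2026:10:02:55 +0000] "POST /api/chats/import HTTP/1.1" 200 body="character_name=..%255c..%255cwindows%255ctemp&file_type=jsonl"',
  '10.0.0.7 - - [02/Apr/2026:10:03:02 +0000] "GET /api/characters/all HTTP/1.1" 200 -',
  '10.0.0.8 - - [02/Apr/2026:10:03:15 +0000] "POST /api/chats/import HTTP/1.1" 200 body="character_name=Dr..Who&file_type=jsonl"',
];

// Usage: prints the three traversal attempts from 10.0.0.9 and nothing else.
for (const line of findSuspiciousImports(SAMPLE_LOG)) console.log(line);
```

The segment-aware pattern matters in both directions: it catches the double-encoded backslash variant on the fourth line, and it does not flag the legitimate name `Dr..Who` on the last line, which a naive search for two dots would.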
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to upgrade SillyTavern to version 1.17.0 or later, where the character_name input is sanitized to prevent path traversal.
Until the upgrade can be applied, restrict access to the /api/chats/import endpoint (and ideally the whole instance) to trusted authenticated users, for example by not exposing it beyond a VPN or local network, and monitor for suspicious activity as described above.
Additionally, run the service under a dedicated low-privilege account whose write access is limited to its own data directory, so that a traversal write outside that directory fails, and consider filesystem monitoring to detect unauthorized writes outside the intended directories.
How can this vulnerability impact me?
This vulnerability can have a high impact on the integrity and availability of the system.
- Attackers can create or overwrite files outside the intended directory, potentially injecting malicious files.
- It can lead to disruption of service or disk abuse by placing files in arbitrary locations.
If combined with other local vulnerabilities, the impact could be more severe.