CVE-2026-34526
SSRF Vulnerability in SillyTavern Search Endpoint Before
Publication date: 2026-04-02
Last updated on: 2026-04-13
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sillytavern | sillytavern | < 1.17.0 (1.17.0 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34526 is a Server-Side Request Forgery (SSRF) vulnerability in the SillyTavern npm package, affecting versions up to 1.16.0.
The vulnerability exists because the hostname validation only checks for IPv4 dotted-quad addresses using a regular expression, which fails to block hostnames like 'localhost', IPv6 loopback addresses like '[::1]', and DNS names resolving to internal IPs such as 'localtest.me'.
This allows authenticated users to make the server send requests to internal services on default HTTP/HTTPS ports (80 and 443) by bypassing the IP validation.
The server then returns the full response body from these internal requests to the attacker.
The issue was fixed in version 1.17.0 by improving IPv6 address validation to properly block these bypasses.
How can this vulnerability impact me?
This vulnerability allows an authenticated attacker to perform SSRF attacks by making the SillyTavern server send requests to internal network services on ports 80 or 443.
Such attacks can expose internal services that are not normally accessible externally, potentially leaking sensitive information contained in the response bodies.
Because the attacker receives the full response from the internal requests, they may gain unauthorized access to internal data or services.
However, the impact is limited by the port restriction and the need for attacker authentication, making this a moderate severity issue.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /api/search/visit endpoint for Server-Side Request Forgery (SSRF) attempts using hostnames and IPv6 addresses that bypass the IP validation regex.
- Send HTTP requests to the endpoint using hostnames such as 'localhost' or IPv6 loopback addresses like '[::1]' and observe the server response.
- Example curl commands to test the vulnerability:
  - `curl -X POST http://<target>/api/search/visit -d '{"url":"http://localhost/"}' -H 'Content-Type: application/json'`
  - `curl -X POST http://<target>/api/search/visit -d '{"url":"http://[::1]/"}' -H 'Content-Type: application/json'`
If the server returns HTTP 500 errors or includes response bodies from internal requests, it indicates the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade SillyTavern to version 1.17.0 or later, where the vulnerability has been fixed by improved IPv6 and hostname validation.
Until the upgrade can be applied, restrict access to the vulnerable endpoint to trusted authenticated users only, as the vulnerability requires authentication.
Additionally, monitor and block suspicious requests attempting to use hostnames like 'localhost' or IPv6 loopback addresses in the /api/search/visit endpoint.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this SSRF vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.