CVE-2026-34526
Received - Intake
SSRF Vulnerability in SillyTavern Search Endpoint Before

Publication date: 2026-04-02

Last updated on: 2026-04-13

Assigner: GitHub, Inc.

Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^\d+\.\d+\.\d+\.\d+$/. This only matches literal dotted-quad IPv4 (e.g. 127.0.0.1, 10.0.0.1). It does not catch: localhost (hostname, not dotted-quad), [::1] (IPv6 loopback), and DNS names resolving to internal addresses (e.g. localtest.me -> 127.0.0.1). A separate port check (urlObj.port !== '') limits exploitation to services on default ports (80/443), making this lower severity than a fully unrestricted SSRF. This issue has been patched in version 1.17.0.
Meta Information
Published: 2026-04-02
Last Modified: 2026-04-13
Generated: 2026-06-16
AI Q&A: 2026-04-02
EPSS Evaluated: 2026-06-15
NVD
Affected Vendors & Products
Vendor: sillytavern; Product: sillytavern; Version / Range: up to 1.17.0 (excluding)
CWE
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Executive Summary

CVE-2026-34526 is a Server-Side Request Forgery (SSRF) vulnerability in the SillyTavern npm package, affecting versions up to 1.16.0.

The vulnerability exists because the hostname validation only checks for IPv4 dotted-quad addresses using a regular expression, which fails to block hostnames like 'localhost', IPv6 loopback addresses like '[::1]', and DNS names resolving to internal IPs such as 'localtest.me'.

This allows authenticated users to make the server send requests to internal services on default HTTP/HTTPS ports (80 and 443) by bypassing the IP validation.

The server then returns the full response body from these internal requests to the attacker.

The issue was fixed in version 1.17.0 by improving IPv6 address validation to properly block these bypasses.

Impact Analysis

This vulnerability allows an authenticated attacker to perform SSRF attacks by making the SillyTavern server send requests to internal network services on ports 80 or 443.

Such attacks can expose internal services that are not normally accessible externally, potentially leaking sensitive information contained in the response bodies.

Because the attacker receives the full response from the internal requests, they may gain unauthorized access to internal data or services.

However, the impact is limited by the port restriction and the need for attacker authentication, making this a moderate severity issue.

Detection Guidance

This vulnerability can be detected by testing the /api/search/visit endpoint for Server-Side Request Forgery (SSRF) attempts using hostnames and IPv6 addresses that bypass the IP validation regex.

  • Send HTTP requests to the endpoint using hostnames such as 'localhost' or IPv6 loopback addresses like '[::1]' and observe the server response.
  • Example curl commands to test the vulnerability:
  • curl -X POST http://<target>/api/search/visit -d '{"url":"http://localhost/"}' -H 'Content-Type: application/json'
  • curl -X POST http://<target>/api/search/visit -d '{"url":"http://[::1]/"}' -H 'Content-Type: application/json'

If the server returns HTTP 500 errors or includes response bodies from internal requests, it indicates the vulnerability is present.

Mitigation Strategies

The immediate mitigation step is to upgrade SillyTavern to version 1.17.0 or later, where the vulnerability has been fixed by improved IPv6 and hostname validation.

Until the upgrade can be applied, restrict access to the vulnerable endpoint to trusted authenticated users only, as the vulnerability requires authentication.

Additionally, monitor and block suspicious requests attempting to use hostnames like 'localhost' or IPv6 loopback addresses in the /api/search/visit endpoint.

Compliance Impact

The provided information does not specify any direct impact of this SSRF vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
