CVE-2026-44650
Deferred Deferred - Pending Action
Path Traversal in SillyTavern Allows Directory Deletion

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: GitHub, Inc.

Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, POST /api/extensions/delete endpoint accepts extensionName: "." which bypasses sanitize-filename validation, causing the entire user extensions directory to be recursively deleted. No authentication is required in the default configuration. This vulnerability is fixed in 1.18.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-05-29
Generated
2026-06-19
AI Q&A
2026-05-30
EPSS Evaluated
2026-06-18
NVD
CVE-2026-44650
EUVD
EUVD-2026-33404
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
sillytavern sillytavern to 1.18.0 (exc)
sillytavern sillytavern 1.18.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can lead to the permanent loss of all installed third-party extensions by recursively deleting the entire user extensions directory.

If global settings are enabled, it can also cause deletion of the global extensions directory.

The impact affects the integrity and availability of the application, potentially disrupting its normal operation.

Executive Summary

CVE-2026-44650 is a critical path traversal vulnerability in the SillyTavern application affecting versions 1.17.0 and earlier.

The flaw exists in multiple API endpoints, including /api/extensions/delete, where the application validates the extensionName parameter before sanitizing it.

An attacker can bypass security checks by sending a dot (.) as the input, which the sanitize-filename library converts to an empty string.

This causes the path.join function to resolve to the base directory itself, resulting in the deletion of the entire user extensions directory recursively.

No authentication is required in the default configuration, making it exploitable by any user with network access to the SillyTavern instance.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious POST requests to the `/api/extensions/delete` endpoint with the `extensionName` parameter set to a dot ("."). Such requests bypass filename sanitization and may trigger recursive deletion of the extensions directory.

To detect exploitation attempts on your system or network, you can use network monitoring tools or web server logs to search for POST requests targeting `/api/extensions/delete` with payloads containing `extensionName=.`.

Example commands to detect such attempts include:

  • Using grep on web server logs: `grep -i 'POST /api/extensions/delete' /var/log/nginx/access.log | grep 'extensionName=.'`
  • Using tcpdump to capture HTTP POST requests to the vulnerable endpoint: `tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/api/extensions/delete'`
  • Using curl or similar tools to test if the endpoint is vulnerable by sending a crafted POST request with `extensionName=.` and observing if the extensions directory is affected.
Mitigation Strategies

The immediate mitigation step is to upgrade SillyTavern to version 1.18.0 or later, where this vulnerability is fixed.

If upgrading immediately is not possible, restrict network access to the SillyTavern instance to trusted users only, as the vulnerability requires no authentication in default configuration.

Additionally, monitor and block any POST requests to `/api/extensions/delete` with suspicious `extensionName` parameters such as a single dot (".").

Consider implementing additional access controls or firewall rules to prevent unauthorized access to the vulnerable API endpoints.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44650. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart