Compliance Impact

CVE-2026-46372 is a Server-Side Request Forgery (SSRF) vulnerability that allows an authenticated low-privilege user to make the server fetch arbitrary internal or loopback HTTP services and disclose responses from internal services. This can lead to unauthorized access to sensitive internal data.

Such unauthorized disclosure of internal data can potentially violate data protection regulations and standards like GDPR and HIPAA, which require strict controls on access to sensitive personal and health information.

Therefore, if exploited, this vulnerability could lead to non-compliance with these regulations due to the risk of confidential data exposure.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-46372 is a Server-Side Request Forgery (SSRF) vulnerability found in SillyTavern versions 1.17.0 and earlier. It exists in the `/api/search/searxng` endpoint, which accepts a `baseUrl` parameter controlled by an attacker without proper validation.

An authenticated low-privilege user can exploit this by specifying a malicious `baseUrl` that points to internal or loopback HTTP services. The server then makes outbound requests to these URLs and returns the response body, potentially exposing sensitive internal data.

This vulnerability was fixed in version 1.18.0 by introducing a server-side request filter called Private Request Whitelisting, although this filter is disabled by default.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have serious impacts because it allows an attacker with low privileges to make the server fetch data from internal or loopback HTTP services.

• Disclosure of sensitive information from internal services.
• Access to admin panels or cloud metadata endpoints that are normally protected.
• Potential service discovery across private networks.

Overall, it leads to a high confidentiality impact, allowing attackers to gain unauthorized access to internal resources.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring and analyzing requests to the /api/search/searxng endpoint in SillyTavern versions 1.17.0 and earlier. Specifically, look for authenticated requests that include the baseUrl parameter pointing to internal or loopback HTTP services.

To detect potential exploitation attempts, you can search server logs or use network monitoring tools to identify outbound requests initiated by the server to internal IP addresses or localhost triggered by this endpoint.

Example commands to detect suspicious activity might include:

• Using grep to find requests with baseUrl in server logs: `grep "/api/search/searxng" /path/to/access.log | grep baseUrl`
• Using curl or similar tools to test the endpoint (requires authentication): `curl -X POST -H "Authorization: Bearer <token>" -d '{"baseUrl":"http://127.0.0.1"}' http://<sillytavern-host>/api/search/searxng`
• Monitoring outbound HTTP requests from the server to internal IP ranges or localhost using network tools like tcpdump or Wireshark.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade SillyTavern to version 1.18.0 or later, where this vulnerability is fixed by implementing a server-side request filter (Private Request Whitelisting).

If upgrading immediately is not possible, restrict access to the /api/search/searxng endpoint to trusted users only, and monitor for suspicious usage of the baseUrl parameter.

Additionally, consider implementing network-level controls to prevent the SillyTavern server from making outbound HTTP requests to internal or loopback addresses.

Useful 0 Not Useful 0