{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34524", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T16:03:31.048Z", "datePublished": "2026-04-02T17:15:22.819Z", "dateUpdated": "2026-04-03T18:12:52.047Z"}, "containers": {"cna": {"title": "SillyTavern: Path traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf"}, {"name": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0"}], "affected": [{"vendor": "SillyTavern", "product": "SillyTavern", "versions": [{"version": "< 1.17.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T17:15:22.819Z"}, "descriptions": [{"lang": "en", "value": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root (for example secrets.json and settings.json) by supplying avatar_url=\"..\". This issue has been patched in version 1.17.0."}], "source": {"advisory": "GHSA-vprr-q85p-79mf", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T18:30:06.582826Z", "id": "CVE-2026-34524", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T18:12:52.047Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root (for example secrets.json and settings.json) by supplying avatar_url=\"..\". This issue has been patched in version 1.17.0."}], "id": "CVE-2026-34524", "lastModified": "2026-04-03T19:17:22.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T18:16:29.763", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.17.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SillyTavern", "source": "cna", "vendor": "SillyTavern"}, "product": "sillytavern", "vendor": "sillytavern"}], "analysis": {"en": {"generated_at": "2026-04-02T22:33:09.996667+00:00", "value": {"mitigation_remediation": ["Upgrade SillyTavern to version 1.17.0 or newer", "Limit access to the application to trusted local accounts", "If an upgrade is not immediately possible, disable or shield the /api/chats/export and /api/chats/delete endpoints until the patch can be applied"], "summary": {"action": "Immediate update", "impact": "Arbitrary read and deletion of user data files"}, "threat_synthesis": {"affected_systems": "The issue affects the SillyTavern user interface for local machine use, with all releases prior to version 1.17.0 vulnerable. The patch was applied in release 1.17.0 and newer. No additional product or vendor variants are listed.", "description_and_impact": "This flaw stems from a path\u2011traversal vulnerability in the chat export and delete endpoints of SillyTavern. By submitting an authenticated request with avatar_url set to \"..\", an attacker can read or delete any file located under the application\u2019s user data root, such as secrets.json and settings.json. The vulnerability is classified as CWE\u201122 and permits both confidentiality compromise through exfiltration of sensitive files and integrity damage through file deletion.", "risk_and_exploitability": "The CVSS score of 8.3 indicates high severity, though exploitation requires local authenticated access to the application. The EPSS score is currently unavailable, and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not yet widely exploited. In practice, any user who can run SillyTavern and possesses valid credentials can craft a request to reveal or delete arbitrary files within their user data root, thereby gaining covert access to private configuration or destroying key files that may disrupt the user\u2019s workflow. The attack vector is inferred to be a local authenticated user invoking the vulnerable endpoint, as described."}}}}, "created": "2026-04-03T07:32:19.168673+00:00", "updated": "2026-04-03T09:18:07.227504+00:00", "vendors": ["sillytavern", "sillytavern$PRODUCT$sillytavern"]}