CVE-2026-34524 in SillyTavern정보

요약 (영어)

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root (for example secrets.json and settings.json) by supplying avatar_url="..". This issue has been patched in version 1.17.0.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

책임이 있는

GitHub_M

예약하다

2026. 03. 30.

공개

2026. 04. 02.

상태

확인됨

엔트리

VulDB provides additional information and datapoints for this CVE:

아이디	취약성	CWE	악용	대책	CVE
354965	SillyTavern Chat secrets.json 디렉토리 순회	22	정의되지 않음	공식 수정	CVE-2026-34524

설명

CPE

CWE

CVSS

익스플로잇

역사

차이

연결하다

위협 인텔리전스

API JSON

API XML

API CSV

출처

◂ 이전개요다음 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!