CVE-2026-34524 in SillyTavernИнформация

Сводка (Английский)

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root (for example secrets.json and settings.json) by supplying avatar_url="..". This issue has been patched in version 1.17.0.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Ответственный

GitHub_M

Резервировать

30.03.2026

Раскрытие

02.04.2026

Статус

Подтверждённый

Записи

VulDB provides additional information and datapoints for this CVE:

ИДУязвимостьCWEЭксКонCVE
354965SillyTavern Chat secrets.json обход каталога22Не определеноОфициальное исправлениеCVE-2026-34524

Описание

CPE

CWE

CVSS

Эксплойты

История

Разница

Связать

Разведка угроз

API JSON

API XML

API CSV

Источники

ПредыдущийОбзорДалее

Want to stay up to date on a daily basis?

Enable the mail alert feature now!