CVE-2026-34522
Published: 02 April 2026
Summary
CVE-2026-34522 is a high-severity Path Traversal (CWE-22) vulnerability in SillyTavern. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 22.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the path traversal vulnerability by identifying, testing, and installing the patch released in SillyTavern version 1.17.0.
Requires validation of the character_name input parameter to block traversal sequences like '../' before processing file writes.
Enforces least privilege on the SillyTavern process to restrict filesystem write access outside the intended chats directory, limiting exploitation impact.
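A sketch of the input validation and containment check described above for a name such as character_name, given as an added example and not SillyTavern's code or its 1.17.0 patch. The chats root, the function names and the sample inputs are assumptions constructed for illustration.

```javascript
const path = require('node:path');

// Hypothetical chats root; a real deployment would use its configured data directory.
const CHATS_ROOT = path.resolve('/srv/app-data/chats');

// Allow-list for ONE path component: no separators, NUL bytes, or dot-only names.
function isSafeComponent(name) {
    if (typeof name !== 'string' || name.length === 0 || name.length > 128) return false;
    if (/[\/\\\0]/.test(name)) return false; // '/' and '\' on any platform, plus NUL
    if (/^\.+$/.test(name)) return false;     // '.', '..', '...'
    return true;
}

// Build the destination for an imported chat and verify it stays under the root.
function resolveChatPath(root, characterName, fileName) {
    if (!isSafeComponent(characterName) || !isSafeComponent(fileName)) {
        throw new Error('rejected: unsafe path component');
    }
    const base = path.resolve(root);
    const target = path.resolve(base, characterName, fileName);
    // Defense in depth: compare against base + separator so a sibling
    // directory such as "chats-old" cannot pass a bare prefix match.
    if (!target.startsWith(base + path.sep)) {
        throw new Error('rejected: path escapes chats directory');
    }
    return target;
}

// Returns true when the name is refused.
function isRejected(characterName) {
    try {
        resolveChatPath(CHATS_ROOT, characterName, 'import.jsonl');
        return false;
    } catch {
        return true;
    }
}

// Constructed inputs, not taken from the advisory or any proof-of-concept.
const SAMPLES = ['Alice', 'Bob v2', '../../etc', '..\\..\\tmp', '/abs/path', '..', 'a/b'];
for (const s of SAMPLES) {
    console.log(JSON.stringify(s), isRejected(s) ? 'rejected' : 'accepted');
}
```

The check is lexical and does not resolve symlinks; where the chats directory may contain them, also compare the `fs.realpath` of the parent directory against the root before writing.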
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The path traversal vulnerability in the network-accessible /api/chats/import endpoint directly enables exploitation of a public-facing application (T1190). It facilitates arbitrary file writes to unintended locations, allowing adversaries to transfer tools or files into the environment (T1105).
NVD Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character_name. This issue has been patched in version 1.17.0.
Deeper analysis
CVE-2026-34522 is a path traversal vulnerability (CWE-22, CWE-73) affecting SillyTavern, a locally installed user interface for interacting with text generation large language models, image generation engines, and text-to-speech voice models. The issue resides in the /api/chats/import endpoint prior to version 1.17.0, where an attacker can inject traversal sequences into the character_name parameter to write attacker-controlled files outside the intended chats directory. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high severity due to its potential for significant integrity and availability impacts.
An authenticated attacker with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By crafting a malicious request to the import endpoint, the attacker can place arbitrary files in unintended locations on the filesystem, potentially overwriting critical configuration files, scripts, or other system resources, leading to unauthorized modifications (high integrity impact) or service disruption (high availability impact).
The SillyTavern security advisory (GHSA-xvww-xhx6-22pf) and release notes for version 1.17.0 confirm that the vulnerability has been patched by addressing the path traversal in the import functionality. Security practitioners should upgrade to version 1.17.0 or later to mitigate the issue.
SillyTavern's role in facilitating local interactions with AI/ML models like LLMs for text generation underscores its relevance in AI development environments, where filesystem access controls are critical to prevent supply chain compromises. No public reports of real-world exploitation are available as of the CVE publication on 2026-04-02.
Details
- CWE(s)