Path Traversal Vulnerability in SillyTavern User Interface
CVE-2026-34522

8.1HIGH

Key Information:

Vendor: Sillytavern
Status: Sillytavern
Vendor: CVE Published:; 2 April 2026

🔔 Create Sillytavern Vulnerability Alert

What is CVE-2026-34522?

SillyTavern, a user interface for interacting with text generation models, has a path traversal vulnerability in its import functionality. This flaw permits authenticated attackers to manipulate the system by injecting traversal sequences through the 'character_name' parameter, enabling them to create or overwrite files outside the designated chats directory. The issue has been rectified in version 1.17.0, emphasizing the need for users to update to this release to ensure their systems remain secure.

Affected Version(s)

SillyTavern < 1.17.0

References

https://github.com/SillyTavern/SillyTavern/security/advis...

x_refsource_CONFIRM

https://github.com/SillyTavern/SillyTavern/releases/tag/1...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34522 Data

JSON