User Interface Vulnerability in SillyTavern by SillyTavern
CVE-2026-34526

5 MEDIUM

Key Information:

Vendor
CVE Published: 2 April 2026

What is CVE-2026-34526?

SillyTavern, a locally installed user interface for interaction with text and image generation models, has a vulnerability that arises from improper hostname validation. Prior to version 1.17.0, the application checks hostnames against a regex pattern that only validates literal IPv4 addresses. As a result, it fails to adequately handle localhost references, IPv6 loopback addresses, and DNS names that map to internal addresses. This limitation increases the risk of unauthorized access and exploitation, particularly since the application only enforces checks on default service ports (80/443). The issue has been addressed and patched in version 1.17.0, and users are strongly encouraged to update to this or later versions to safeguard against potential risks.
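The hostname gap described above, shown as an added example (not SillyTavern's code or its 1.17.0 patch): a literal-IPv4-only pattern next to a check that also covers localhost names, IPv6 loopback, and DNS names whose resolved addresses are internal. The regex, function names, and sample hosts are constructed for illustration, and the port handling mentioned in the advisory is not modelled.

```javascript
const net = require('node:net');

// Constructed stand-in for a literal-IPv4-only check (not the project's regex).
const IPV4_PRIVATE_RE = /^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)\d/;
const naiveIsInternal = (hostname) => IPV4_PRIVATE_RE.test(hostname);

// Loopback, private, and link-local ranges for both address families.
const internal = new net.BlockList();
for (const [subnet, prefix] of [['127.0.0.0', 8], ['10.0.0.0', 8], ['172.16.0.0', 12],
  ['192.168.0.0', 16], ['169.254.0.0', 16], ['0.0.0.0', 8]]) {
  internal.addSubnet(subnet, prefix, 'ipv4');
}
for (const [subnet, prefix] of [['::1', 128], ['fc00::', 7], ['fe80::', 10]]) {
  internal.addSubnet(subnet, prefix, 'ipv6');
}

function isInternalAddress(ip) {
  const family = net.isIP(ip);
  if (family === 0) return true; // not an IP literal: fail closed
  return internal.check(ip, family === 4 ? 'ipv4' : 'ipv6');
}

// `resolved` holds the addresses the caller got from DNS for this hostname.
function isInternalHost(hostname, resolved = []) {
  const host = hostname.replace(/^\[|\]$/g, '').toLowerCase();
  if (net.isIP(host)) return isInternalAddress(host);
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (resolved.length === 0) return true; // unresolved name: fail closed
  return resolved.some(isInternalAddress);
}

// Constructed sample inputs: [hostname, addresses a resolver returned for it].
const SAMPLES = [
  ['127.0.0.1', []],
  ['localhost', []],
  ['[::1]', []],
  ['internal.example.test', ['10.0.0.5']],
  ['api.example.test', ['93.184.216.34']],
];

// Returns one row per sample so the two checks can be compared side by side.
function compare() {
  return SAMPLES.map(([host, addrs]) => ({
    host, naive: naiveIsInternal(host), hardened: isInternalHost(host, addrs),
  }));
}

console.table(compare());
```

The addresses passed as `resolved` must be the ones the HTTP client actually connects to; resolving the name a second time at connect time lets the answer change between check and use.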

Affected Version(s)

SillyTavern < 1.17.0

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved