{"data":{"id":"1bbcf0f9-1d9b-4cdd-a3ce-dff7e4f89e68","title":"CVE-2026-44650: SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode","summary":"SillyTavern is a locally installed interface for interacting with text generation AI models, image generators, and voice tools. Prior to version 1.18.0, a vulnerability allowed attackers to delete the entire user extensions directory without authentication by sending a specially crafted request to the delete endpoint that bypassed filename validation (a security check that prevents malicious file paths).","solution":"This vulnerability is fixed in version 1.18.0. Users should update SillyTavern to 1.18.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44650","publishedAt":"2026-05-29T19:16:24.857Z","cveId":"CVE-2026-44650","cweIds":["CWE-22"],"cvssScore":"9.1","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["SillyTavern"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-29T19:16:24.857Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}