{"data":{"id":"2722031a-10f6-434e-a947-b188b35970dc","title":"CVE-2026-34526: SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode","summary":"SillyTavern, a local application that lets users interact with AI text generation models and other AI tools, had a security flaw in versions before 1.17.0 where it didn't properly validate all types of network addresses. The validation only checked for standard IPv4 addresses (like 127.0.0.1) but missed other ways to refer to the local computer, such as 'localhost' or IPv6 addresses, which could allow SSRF (server-side request forgery, where an attacker tricks the application into making unwanted network requests to internal services).","solution":"Update to version 1.17.0 or later, where this issue has been patched.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-34526","publishedAt":"2026-04-02T18:16:29.917Z","cveId":"CVE-2026-34526","cweIds":["CWE-918"],"cvssScore":"5","cvssSeverity":"medium","severity":"medium","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["SillyTavern"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-02T18:16:29.917Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0020","AML.T0051.001"]}}