{"data":{"id":"34367b3a-be7a-4873-b1a0-af1772133dff","title":"CVE-2026-46372: SillyTavern is a locally installed user interface that allows users to interact with text generation large language models","summary":"SillyTavern, a locally installed tool for interacting with AI text and image generation models, had a vulnerability in versions before 1.18.0 where the /api/search/searxng endpoint allowed authenticated users to trick the server into making requests to internal or hidden services (SSRF, or server-side request forgery, where an attacker manipulates a server into accessing resources it shouldn't). An attacker could use this to access data from services that should only be available internally.","solution":"This vulnerability is fixed in version 1.18.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-46372","publishedAt":"2026-05-29T19:16:25.483Z","cveId":"CVE-2026-46372","cweIds":["CWE-918"],"cvssScore":"8.5","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["SillyTavern"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-29T19:16:25.483Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}