{"data":{"id":"344e06d6-f9ff-451e-a82f-08ba67c3788f","title":"CVE-2026-34523: SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode","summary":"SillyTavern is a locally installed interface for interacting with text generation models and AI tools. Before version 1.17.0, it had a path traversal vulnerability (a flaw that lets attackers access files outside the intended directory) that allowed unauthenticated users to check whether files exist anywhere on the server by sending specially encoded requests with \"../\" sequences to the file routes.","solution":"This issue has been patched in version 1.17.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-34523","publishedAt":"2026-04-02T18:16:29.613Z","cveId":"CVE-2026-34523","cweIds":["CWE-22"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["SillyTavern"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-02T18:16:29.613Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}