{"data":{"id":"75a4d970-b604-4b8a-ade1-ff5eb5173f9f","title":"CVE-2026-34524: SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode","summary":"SillyTavern is a locally installed interface for interacting with text generation AI models and related tools. Before version 1.17.0, it had a path traversal vulnerability (a flaw where an attacker can access files outside the intended directory) that allowed authenticated attackers to read and delete arbitrary files like secrets.json and settings.json by manipulating the avatar_url parameter.","solution":"This issue has been patched in version 1.17.0. Users should update to version 1.17.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-34524","publishedAt":"2026-04-02T18:16:29.763Z","cveId":"CVE-2026-34524","cweIds":["CWE-22"],"cvssScore":"8.3","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["SillyTavern"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-02T18:16:29.763Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}