{"data":{"id":"cfa3220e-1937-42ed-8422-0637878dcbce","title":"CVE-2026-44651: SillyTavern is a locally installed user interface that allows users to interact with text generation large language models","summary":"SillyTavern is a locally installed interface for interacting with text generation AI models and related tools. Prior to version 1.18.0, the software had a cross-site scripting vulnerability (XSS, where attackers inject malicious code into web pages), because user-controlled URLs were displayed in error messages without being HTML-escaped (made safe for web display), allowing attackers to inject harmful scripts.","solution":"This vulnerability is fixed in version 1.18.0. Users should update SillyTavern to 1.18.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44651","publishedAt":"2026-05-29T19:16:24.993Z","cveId":"CVE-2026-44651","cweIds":["CWE-79"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["SillyTavern"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-29T19:16:24.993Z","capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0051"]}}