CVE-2026-44652: SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode
Summary
SillyTavern is a locally installed interface for interacting with text generation AI models and other AI tools. Versions before 1.18.0 had a vulnerability where the corsProxyMiddleware (a component that handles web requests) would forward user-supplied URLs directly to the fetch function without proper security checks, allowing SSRF (server-side request forgery, where an attacker tricks the server into making requests to unintended targets) attacks.
Solution / Mitigation
This vulnerability is fixed in version 1.18.0.
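An added example, not SillyTavern's code and not the 1.18.0 fix: one way a URL-forwarding proxy route like the one described in the Summary can vet a destination before passing it to fetch. The function names and the blocked ranges are assumptions chosen for illustration, and the sample URLs in the comments are constructed.

```javascript
// Added example (hypothetical names; not SillyTavern code): vet a proxy destination.
// [network, prefix length]: this-host, private, CGNAT, loopback, link-local
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

// Dotted-quad string -> unsigned 32-bit integer, or null if not an IPv4 literal.
function v4ToInt(addr) {
  const parts = addr.split('.').map(Number);
  if (parts.length !== 4 || parts.some(p => !Number.isInteger(p) || p < 0 || p > 255)) return null;
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

function isBlockedV4(addr) {
  const ip = v4ToInt(addr);
  if (ip === null) return false; // a DNS name, not a literal
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === ((v4ToInt(net) & mask) >>> 0);
  });
}

// host is the bracket-free, lowercased form the URL parser serializes.
function isBlockedV6(host) {
  if (host === '::1' || host === '::') return true;
  // IPv4-mapped addresses are serialized in hex, e.g. ::ffff:7f00:1 for 127.0.0.1.
  const mapped = host.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (mapped) {
    const hi = parseInt(mapped[1], 16), lo = parseInt(mapped[2], 16);
    return isBlockedV4([hi >> 8, hi & 255, lo >> 8, lo & 255].join('.'));
  }
  // fc00::/7 (unique local) and fe80::/10 (link-local)
  return /^f[cd][0-9a-f]{2}:/.test(host) || /^fe[89ab][0-9a-f]:/.test(host);
}

// Returns { ok, reason }. Checks the parsed URL, never the raw string: the URL
// parser canonicalizes forms such as http://2130706433/ to 127.0.0.1.
function checkProxyTarget(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: 'unparseable' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  if (host === 'localhost' || host.endsWith('.localhost')) return { ok: false, reason: 'loopback-name' };
  const blocked = host.startsWith('[') ? isBlockedV6(host.slice(1, -1)) : isBlockedV4(host);
  return blocked ? { ok: false, reason: 'internal-address' } : { ok: true, reason: 'literal-ok' };
}
```

This covers address literals and the scheme only. A hostname that resolves to an internal address, or a redirect to one, still has to be caught by checking the resolved address at connect time and re-running the check on every redirect hop.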
Vulnerability Details
EPSS: 0.0%
May 29, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44652
First tracked: May 29, 2026 at 08:09 PM