CVE-2026-44651: SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode
Summary
SillyTavern is a locally installed interface for interacting with text generation AI models and related tools. Prior to version 1.18.0, the software had a cross-site scripting (XSS) vulnerability, a class of flaw in which attackers inject malicious code into web pages. User-controlled URLs were displayed in error messages without being HTML-escaped (made safe for web display), allowing attackers to inject harmful scripts.
Solution / Mitigation
This vulnerability is fixed in version 1.18.0. Users should update SillyTavern to 1.18.0 or later.
Vulnerability Details
EPSS: 0.0%
May 29, 2026
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44651
First tracked: May 29, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 92%