Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. by sending percent-encoded "../" sequences (%2E%2E%2F) in requests to static file routes, an attacker can check for the existence of files. This issue has been patched in version 1.17.0.
Published: 2026-04-02
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: File existence disclosure via path traversal
Action: Patch immediately
AI Analysis

Impact

A path traversal flaw in SillyTavern’s static file handler lets an unauthenticated user send percent‑encoded '../' sequences to probe file existence. The flaw creates a file existence oracle that can reveal whether arbitrary files are present on the server. While it does not allow modifications or code execution, the disclosed information could assist attackers in planning further exploits by identifying sensitive files.

Affected Systems

Any instance of SillyTavern before version 1.17.0 is affected. The vulnerability resides in the static file routing component of the locally installed user interface that serves content for text, image, and voice generation models.

Risk and Exploitability

The flaw has a CVSS score of 5.3, indicating moderate severity. Exploit probability data is not publicly available, and the issue does not appear in major vulnerability catalogs. The attack surface is the web interface; any client that can reach the application’s static routes can craft requests, meaning local or remote users with access to the HTTP service could exploit the vulnerability.

Generated by OpenCVE AI on April 2, 2026 at 22:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SillyTavern to version 1.17.0 or later.

Generated by OpenCVE AI on April 2, 2026 at 22:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-525j-2hrj-m8fp SillyTavern: Path Traversal allows file existence oracle
History

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Sillytavern
Sillytavern sillytavern
Vendors & Products Sillytavern
Sillytavern sillytavern

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. by sending percent-encoded "../" sequences (%2E%2E%2F) in requests to static file routes, an attacker can check for the existence of files. This issue has been patched in version 1.17.0.
Title SillyTavern: Path traversal allows file existence oracle
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Sillytavern Sillytavern
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-03T15:56:24.472Z

Reserved: 2026-03-30T16:03:31.048Z

Link: CVE-2026-34523

cve-icon Vulnrichment

Updated: 2026-04-03T15:56:15.595Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-02T18:16:29.613

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-34523

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:18:09Z

Weaknesses