Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. by sending percent-encoded "../" sequences (%2E%2E%2F) in requests to static file routes, an attacker can check for the existence of files. This issue has been patched in version 1.17.0.
Published: 2026-04-02
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive information disclosure
Action: Apply Patch
AI Analysis

Impact

A path traversal flaw in SillyTavern’s static file handler permits an unauthenticated user to confirm the presence of any file on the server by sending percent‑encoded '../' sequences. The result is a file‑existence oracle that reveals the file system layout and can expose sensitive data files. Although the vulnerability does not directly enable code execution, it provides a useful foothold for further attacks that rely on knowledge of the file structure.

Affected Systems

The flaw affects the SillyTavern locally installed user interface, covering all versions released before 1.17.0 that run on Node.js. The vulnerability applies to any instance of SillyTavern where the static file route is reachable by external or local users.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, and the EPSS score of less than 1% shows that automated exploitation attempts are unlikely at present. Because the attack target is an unauthenticated local or remote user who can reach the static routes, the risk is higher in environments where the application is exposed to untrusted traffic. The issue is not listed in the CISA KEV catalog, suggesting no known active exploitation in the wild.

Generated by OpenCVE AI on April 13, 2026 at 19:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SillyTavern to version 1.17.0 or newer.

Generated by OpenCVE AI on April 13, 2026 at 19:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-525j-2hrj-m8fp SillyTavern: Path Traversal allows file existence oracle
History

Mon, 13 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:sillytavern:sillytavern:*:*:*:*:*:node.js:*:*

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Sillytavern
Sillytavern sillytavern
Vendors & Products Sillytavern
Sillytavern sillytavern

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. by sending percent-encoded "../" sequences (%2E%2E%2F) in requests to static file routes, an attacker can check for the existence of files. This issue has been patched in version 1.17.0.
Title SillyTavern: Path traversal allows file existence oracle
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Sillytavern Sillytavern
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-03T15:56:24.472Z

Reserved: 2026-03-30T16:03:31.048Z

Link: CVE-2026-34523

cve-icon Vulnrichment

Updated: 2026-04-03T15:56:15.595Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T18:16:29.613

Modified: 2026-04-13T18:35:55.150

Link: CVE-2026-34523

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:42:01Z

Weaknesses