CVE-2026-46372 is a high-severity (CVSS 8.5) server-side request forgery (SSRF) vulnerability in SillyTavern, a locally installed user interface for interacting with AI models. The vulnerability exists in versions prior to 1.18.0 in the `/api/search/searxng` endpoint, which accepts attacker-controlled `baseUrl` parameters and uses them directly to construct outbound server-side HTTP requests. An authentic [truncated]
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.18.0, the `corsProxyMiddleware` component forwards `req.params.url` directly into a `fetch(url, ...)` call without adequate validation. The middleware only blocks circular requests to its own host and does not en [truncated]
A reflected cross-site scripting (XSS) vulnerability exists in SillyTavern prior to version 1.18.0. The application is a locally installed user interface for interacting with text generation large language models, image generation engines, and text-to-speech voice models. When the `fetch(url)` function throws an exception, the error handling code constructs an HTTP 500 response that concatenates an attack [truncated]
SillyTavern versions prior to 1.18.0 fail to validate that `Remote-User` (Authelia) and `X-Authentik-Username` (Authentik) HTTP headers originate from a trusted reverse proxy. When SSO is enabled via `sso.autheliaAuth: true` or `sso.authentikAuth: true` in `config.yaml`, any network client with direct access to the SillyTavern port can inject these headers to authenticate as arbitrary users, including administrator [truncated]
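A trusted-proxy gate for the SSO headers described in the last entry, as an added example written for this page; it is not SillyTavern's own code or its 1.18.0 fix. The `trustedProxies` list, the minimal request shape and the username pattern are assumptions; the header names and `sso.*` keys come from the advisory.

```javascript
// Assumed config shape: `sso.autheliaAuth` / `sso.authentikAuth` mirror the
// advisory, `trustedProxies` is an assumption made for this example.
const config = {
  sso: { autheliaAuth: true, authentikAuth: false },
  trustedProxies: ["127.0.0.1", "::1", "10.0.0.5"],
};

// Map the enabled SSO mode to the single header it is allowed to consult.
function ssoHeaderFor(cfg) {
  if (cfg.sso.autheliaAuth) return "remote-user";
  if (cfg.sso.authentikAuth) return "x-authentik-username";
  return null;
}

// Return the SSO username, or null when the header must not be trusted.
// `req` is a minimal request-like object: { socket: { remoteAddress }, headers }.
function resolveSsoUser(req, cfg) {
  const header = ssoHeaderFor(cfg);
  if (!header) return null;                       // SSO disabled: ignore headers
  const peer = req.socket && req.socket.remoteAddress;
  if (typeof peer !== "string" || peer === "") return null;
  // Normalise IPv4-mapped IPv6 (::ffff:10.0.0.5) so the allow-list compares cleanly.
  const ip = peer.startsWith("::ffff:") ? peer.slice(7) : peer;
  if (!cfg.trustedProxies.includes(ip)) return null; // direct client: reject header
  // Node lowercases header names; accept any casing from a constructed request.
  const entry = Object.entries(req.headers || {}).find(
    ([name]) => name.toLowerCase() === header
  );
  if (!entry || typeof entry[1] !== "string") return null;
  const user = entry[1].trim();
  // Reject empty or oddly formed names rather than passing them to user lookup.
  return /^[A-Za-z0-9._@-]{1,64}$/.test(user) ? user : null;
}

// Helper to build a constructed request object for demonstration.
function fakeRequest(remoteAddress, headers) {
  return { socket: { remoteAddress }, headers };
}
```

With this in place a client that reaches the port directly gets no identity from the header, while the same header arriving from a listed proxy is honoured.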