Sillytavern

1 CVEs product

CVE-2026-26286 HIGH POC This Week

SillyTavern versions before 1.16.0 contain a server-side request forgery (SSRF) vulnerability in the asset download endpoint that allows authenticated users to make arbitrary HTTP requests from the server and access internal services, cloud metadata, and private network resources. Public exploit code exists for this vulnerability, which can be mitigated by upgrading to version 1.16.0 or configuring domain whitelisting in the config.yaml file.

Tags: SSRF, AI / ML, Sillytavern
References: NVD, GitHub
CVSS 3.1: 8.5
EPSS: 0.0%