CVE-2026-34523 Overview
CVE-2026-34523 is a path traversal vulnerability affecting SillyTavern, a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a flaw in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. By sending percent-encoded ../ sequences (%2E%2E%2F) in requests to static file routes, an attacker can check for the existence of files. This issue has been patched in version 1.17.0.
Critical Impact
Unauthenticated attackers can probe the server filesystem to discover sensitive files and configurations, potentially aiding in further attacks against the system.
Affected Products
- SillyTavern versions prior to 1.17.0
Discovery Timeline
- 2026-04-02 - CVE-2026-34523 published to NVD
- 2026-04-02 - Last updated in NVD database
Technical Details for CVE-2026-34523
Vulnerability Analysis
This vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as Path Traversal. The flaw exists in the static file route handler of SillyTavern, which fails to properly sanitize user-supplied input containing URL-encoded path traversal sequences.
When processing requests to static file routes, the application does not adequately validate or sanitize path components. An attacker can exploit this by injecting percent-encoded directory traversal sequences (%2E%2E%2F, which decodes to ../) into the request URL. Although the vulnerability does not allow direct file content retrieval, it enables attackers to enumerate files anywhere on the server's filesystem by observing response differences.
This information disclosure vulnerability is exploitable remotely over the network by any unauthenticated client that can reach the SillyTavern instance.
Root Cause
The root cause of this vulnerability is insufficient input validation in the static file route handler. The application fails to properly normalize and validate file paths before checking their existence, allowing encoded traversal sequences to escape the intended web root directory. The handler does not implement adequate path canonicalization or blocklist filtering for traversal patterns before processing requests.
Attack Vector
The attack is executed over the network by sending crafted HTTP requests to static file routes with percent-encoded path traversal sequences. An attacker sends requests containing %2E%2E%2F patterns to navigate outside the intended static file directory.
For example, an attacker could craft requests targeting common sensitive files like /etc/passwd on Linux systems or configuration files. The server's response behavior (such as different HTTP status codes or response times) reveals whether the targeted file exists, allowing systematic enumeration of the filesystem structure.
This reconnaissance technique can identify the presence of sensitive configuration files, database files, SSH keys, or other critical system files, which could facilitate subsequent exploitation attempts.
Detection Methods for CVE-2026-34523
Indicators of Compromise
- HTTP requests to static routes containing URL-encoded sequences like %2E%2E%2F or %2E%2E/
- Repeated requests probing for common system file paths such as /etc/passwd, /etc/shadow, or Windows system files
- Unusual patterns of 404/200 responses to systematically varied file path requests
- Access logs showing sequential directory enumeration patterns
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block URL-encoded path traversal sequences in request URIs
- Configure intrusion detection systems (IDS) to alert on patterns matching directory traversal attempts including encoded variants
- Deploy log analysis rules to identify requests containing multiple ../ or %2E%2E%2F sequences targeting static file endpoints
- Monitor for reconnaissance behavior characterized by high volumes of requests to non-existent paths
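The detection and log-analysis items above, as an added example that is not part of the advisory or of SillyTavern: a Node.js scanner over constructed Common Log Format lines that decodes each request path (bounded, so double-encoded variants collapse) and reports, per client IP, the traversal requests with their decoded paths and status codes, which is the 404-heavy enumeration pattern the indicators describe.

```javascript
// Added example, not SillyTavern's or any vendor's code: flags path
// traversal indicators in access logs. The log lines are constructed
// for this example (Common Log Format, RFC 5737 documentation IPs).
const SAMPLE_LOG = [
  '203.0.113.7 - - [02/Apr/2026:10:00:01 +0000] "GET /css/style.css HTTP/1.1" 200 1820',
  '203.0.113.7 - - [02/Apr/2026:10:00:02 +0000] "GET /img/%2E%2E%2F%2E%2E%2Fetc%2Fpasswd HTTP/1.1" 404 0',
  '203.0.113.7 - - [02/Apr/2026:10:00:02 +0000] "GET /img/%2E%2E/%2E%2E/etc/shadow HTTP/1.1" 404 0',
  '203.0.113.7 - - [02/Apr/2026:10:00:03 +0000] "GET /img/%252E%252E%2Fconfig.yaml HTTP/1.1" 404 0',
  '198.51.100.2 - - [02/Apr/2026:10:00:05 +0000] "GET /scripts/app.js HTTP/1.1" 200 9031',
];

// Decode up to three rounds so %2E%2E and %252E%252E both end as "..";
// stop on a malformed escape or when decoding no longer changes anything.
function fullyDecode(p) {
  let cur = p;
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch (e) { break; }
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// A request is a traversal attempt when the decoded path contains a ".."
// segment, with either "/" or "\" as separator.
function isTraversalPath(rawPath) {
  const decoded = fullyDecode(rawPath).replace(/\\/g, "/");
  return decoded.split("/").some((seg) => seg === "..");
}

// client-ip ident user [timestamp] "METHOD path PROTO" status bytes
const LOG_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3}) \S+$/;

// Returns per-client findings: how many traversal requests were seen and
// which decoded paths were probed with which status, so an analyst can
// tell a one-off from systematic enumeration.
function scanAccessLog(lines) {
  const findings = {};
  for (const line of lines) {
    const m = LOG_RE.exec(line);
    if (!m) continue; // not a CLF line; skip rather than fail the scan
    const [, ip, , rawPath, status] = m;
    if (!isTraversalPath(rawPath)) continue;
    const f = findings[ip] || (findings[ip] = { count: 0, probed: [] });
    f.count += 1;
    f.probed.push({ path: fullyDecode(rawPath), status: Number(status) });
  }
  return findings;
}
```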
Monitoring Recommendations
- Enable verbose access logging on the SillyTavern instance and forward logs to a SIEM for analysis
- Set up alerts for requests containing path traversal indicators targeting the static file handler
- Monitor for unusual request patterns from single IP addresses that may indicate automated enumeration
- Review server access logs regularly for evidence of file existence probing attempts
How to Mitigate CVE-2026-34523
Immediate Actions Required
- Upgrade SillyTavern to version 1.17.0 or later immediately to remediate the vulnerability
- If immediate upgrade is not possible, restrict network access to the SillyTavern instance using firewall rules
- Enable authentication for all routes if the application supports it
- Review access logs for evidence of prior exploitation attempts
Patch Information
The vulnerability has been patched in SillyTavern version 1.17.0. Users should upgrade to this version or later to address the path traversal issue. For detailed release information, refer to the GitHub Release 1.17.0. Additional security details are available in the GitHub Security Advisory GHSA-525j-2hrj-m8fp.
Workarounds
- Place SillyTavern behind a reverse proxy that sanitizes and blocks path traversal sequences
- Implement network-level access controls to limit which hosts can reach the SillyTavern service
- Deploy a web application firewall (WAF) configured to detect and block encoded traversal patterns
- Run SillyTavern in a containerized environment to limit filesystem exposure
# Example: Restrict access to SillyTavern using iptables
# Only allow connections from trusted local network
# 8000 is SillyTavern's default listening port; adjust it if you changed the
# configured port, and add matching ip6tables rules if the host is reachable over IPv6
iptables -A INPUT -p tcp --dport 8000 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

