Description
SillyTavern 1.18.0 added a generic server-side request filter (Private Request Whitelisting).
Recommendation
Update the sillytavern package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.17.0
- Patched version(s): 1.18.0
References
Related Issues
- SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware - CVE-2026-44651
- i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters - CVE-2026-42353
- SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl - CVE-2026-46372
- liquidjs has a path traversal fallback vulnerability - CVE-2026-30952
You might also like:
- Tags:
- npm
- sillytavern
Anything's wrong? Let us know Last updated on May 12, 2026


