SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6
Severity: Medium
Description
Distinct from CVE-2025-59159 and CVE-2026-26286 (both fixed in v1.16.0). At the time of this report the /api/search/visit endpoint remained unpatched.
In src/endpoints/search.js (line 419), the hostname of the requested URL is checked against the regular expression /^\d+\.\d+\.\d+\.\d+$/ before the private-address test is applied. That pattern only matches a literal dotted-quad IPv4 address (e.g. 127.0.0.1, 10.0.0.1), so every other hostname form skips the private-address test entirely: the name `localhost`, an IPv6 literal such as `[::1]`, or an IPv4-mapped IPv6 literal such as `[::ffff:127.0.0.1]` is never inspected, and the server fetches the URL on the caller's behalf. The result is SSRF against the server's loopback interface and other internal addresses.
Recommendation
Update the sillytavern package to the latest compatible version. Version details:
- Affected version(s): <= 1.16.0
- Patched version(s): 1.17.0
References
Related Issues
- SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl - CVE-2026-46372
- Strapi Upload Plugin MIME Validation Bypass via Content API - CVE-2026-22707
- Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation - CVE-2026-45548
- SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory - CVE-2026-34522
- Tags:
- npm
- sillytavern
Last updated on April 06, 2026