SillyTavern: Path Traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user
- Severity:
- High
Description
A Path Traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root (for example secrets.json and settings.json) by supplying avatar_url="..".
Recommendation
Update the sillytavern package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.16.0
- Patched version(s): 1.17.0
References
Related Issues
- SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory - CVE-2026-34522
- SillyTavern: Path Traversal allows file existence oracle - CVE-2026-34523
- ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction - CVE-2026-32731
- Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read - CVE-2026-40163
You might also like:
- Tags:
- npm
- sillytavern
Anything's wrong? Let us know Last updated on April 06, 2026