CVSS 8.5 HIGH Vulnerability

CVE-2026-46372: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

CVSS Score: 8.5
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-46372
Vendor: npm
Affected Product: sillytavern
Vulnerability Type: Vulnerability
CVSS Score: 8.5 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Resolution

SillyTavern 1.18.0 added a generic server-side request filter (Private Request Whitelisting). Since we expect users to use the application in a trusted environment, the filter is disabled by default; however, it is strongly advised to be enabled and properly configured when an instance is being hosted over a network, as suggested by a console warning message and an officially published security checklist for administrators.

Documentation:

• https://docs.sillytavern.app/administration/config-yaml/#private-address-whitelisting
• https://docs.sillytavern.app/administration/#security-checklist

Note on future SSRF findings

Since the request filter applies to the entire application, no SSRF vulnerabilities against individual endpoints will be accepted, unless it has been proven t

🎯 Known Indicators of Compromise

{"type":"url","value":"https://docs.sillytavern.app/administration/config-yaml/#private-address-whitelisting","confidence_score":0.82,"first_seen":"2026-05-19","source_count":1}
{"type":"url","value":"https://docs.sillytavern.app/administration/#security-checklist","confidence_score":0.82,"first_seen":"2026-05-19","source_count":1}
