CVE-2026-46372
Severity: HIGH | Nuclei template available
SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl
Title source: CNA
Exploitation Summary
CVE-2026-46372 has a Nuclei detection template available; see the Nuclei Templates section below for the associated Shodan/FOFA queries.
Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled baseUrl and uses it directly to build outbound server-side fetches. An authenticated low-privilege user can point baseUrl at an internal or loopback HTTP service and receive the /search response body. This vulnerability is fixed in 1.18.0.
Nuclei Templates (1)
SillyTavern - Server-Side Request Forgery
HIGH | VERIFIED | by theamanrawat
Shodan:
http.title:"SillyTavern"
FOFA:
title="SillyTavern"
References (1)
Core References
x_refsource_confirm: https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-qg89-qwwh-5f3j
Scores
CVSS v3
8.5
EPSS
0.0289
EPSS Percentile
86.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (2)
npm/sillytavern
0 - 1.18.0 (npm)
SillyTavern/SillyTavern
< 1.18.0
Published
May 29, 2026
Tracked Since
May 30, 2026