CVE-2026-34526 | SillyTavern 1.13.4/1.16.0 localhost/IPv6 /api/search/visit server-side request forgery

Inserito da Angelo Barbosa | Apr 2, 2026 | CVE

A vulnerability was found in SillyTavern 1.13.4/1.16.0 and classified as critical. This issue affects some unknown processing of the file /api/search/visit of the component localhost/IPv6. Executing a manipulation can lead to server-side request forgery.

This vulnerability is registered as CVE-2026-34526. It is possible to launch the attack remotely. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-34526 | SillyTavern 1.13.4/1.16.0 localhost/IPv6 /api/search/visit server-side request forgery

Post correlati

CVE-2025-15501 | Sangfor Operation and Maintenance Management System up to 3.0.8 getCmd WriterHandle.getCmd sessionPath os command injection

CVE-2025-5898 | GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb utilities/pspp-convert.c parse_variables_option out-of-bounds write (Bug 67071)

CVE-2024-8494 | Elementor Website Builder Pro Plugin up to 3.25.10 on WordPress Shortcode elementor-template information disclosure

CVE-2025-47326 | Qualcomm Snapdragon CCW up to WSA8845H buffer over-read