Threat Advisory

SillyTavern SSRF Vulnerability Exploits baseUrl Parameter

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

CVE-2026-46372, with a CVSS score of 8.5, is a Server-Side Request Forgery (SSRF) vulnerability in the npm package sillytavern affecting versions less than or equal to 1.17.0. The vulnerability arises from the `/api/search/searxng` route, which accepts an attacker-controlled `baseUrl` and uses it directly to build outbound server-side fetches without any validation: no IP range, DNS, or scheme checks are performed. An authenticated low-privilege user can exploit this by pointing `baseUrl` at an internal or loopback HTTP service and receiving the `/search` response body. This allows an attacker to disclose responses from loopback or internal HTTP services, effectively gaining the ability to access internal resources. The business impact is significant, as it can lead to unauthorized access and potential data breaches, compromising the confidentiality, integrity, and availability of sensitive information. To exploit this vulnerability, an attacker requires a valid SillyTavern web session or access to a deployment where user accounts are disabled.
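The root cause described above is a user-supplied base URL that reaches an outbound fetch unchecked. The following is an added example of the kind of validation that closes that gap; it is not SillyTavern's code and not the upstream fix. It assumes the caller has already resolved the hostname (for example with `dns.promises.lookup(host, { all: true })`) and passes every returned address in, so that the check itself runs offline. The blocked ranges are the usual special-use IPv4 blocks plus IPv6 loopback, link-local, unique-local and IPv4-mapped addresses.

```javascript
// Added example (not SillyTavern's own code): validate a user-controlled base URL
// before the server fetches it on the user's behalf. Rejects non-HTTP schemes,
// embedded credentials, localhost names, and any target address in a
// loopback / private / link-local / multicast range.

// Special-use IPv4 ranges that an outbound proxy should never reach.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['224.0.0.0', 4], ['240.0.0.0', 4],
];

// Dotted-quad IPv4 string -> unsigned 32-bit integer, or null if not an IPv4 literal.
function parseIPv4(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function inCidr4(ipInt, base, bits) {
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipInt & mask) >>> 0) === ((parseIPv4(base) & mask) >>> 0);
}

// True if the address (IPv4 or IPv6 literal, brackets already stripped) must not be fetched.
function isBlockedAddress(ip) {
  const lower = ip.toLowerCase();
  const v4 = parseIPv4(lower);
  if (v4 !== null) return BLOCKED_V4.some(([base, bits]) => inCidr4(v4, base, bits));
  if (!lower.includes(':')) return true;           // neither IPv4 nor IPv6 literal: refuse
  if (lower === '::1' || lower === '::') return true; // IPv6 loopback / unspecified
  if (/^fe[89ab]/.test(lower) || /^f[cd]/.test(lower)) return true; // link-local, unique-local
  // IPv4-mapped IPv6 (::ffff:a.b.c.d or ::ffff:hhhh:hhhh) inherits the IPv4 decision.
  const dotted = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(lower);
  if (dotted) return isBlockedAddress(dotted[1]);
  const hex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(lower);
  if (hex) {
    const hi = parseInt(hex[1], 16), lo = parseInt(hex[2], 16);
    return isBlockedAddress(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  return false;
}

// rawUrl: the user-supplied base URL. resolvedAddresses: every address the hostname
// resolved to (ignored when the host is already an IP literal). Returns {ok, reason|origin}.
function validateOutboundBaseUrl(rawUrl, resolvedAddresses) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) return { ok: false, reason: 'embedded credentials not allowed' };
  // The WHATWG parser already normalises shorthand IPv4 forms such as "127.1" to "127.0.0.1".
  let host = url.hostname;
  if (host.startsWith('[') && host.endsWith(']')) host = host.slice(1, -1);
  if (host === 'localhost' || host.endsWith('.localhost')) return { ok: false, reason: 'localhost not allowed' };
  const isLiteral = parseIPv4(host) !== null || host.includes(':');
  const addresses = isLiteral ? [host] : resolvedAddresses;
  if (addresses.length === 0) return { ok: false, reason: 'hostname did not resolve' };
  const bad = addresses.find(isBlockedAddress);
  if (bad !== undefined) return { ok: false, reason: `target ${bad} is in a blocked range` };
  return { ok: true, origin: url.origin };
}
```

Because every resolved address is checked, a name that resolves to one public and one internal address is refused rather than fetched. To also defeat DNS rebinding between the check and the connection, the fetch should be pinned to the address that was validated (for example through a custom agent) instead of resolving the name a second time.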

RECOMMENDATION:

  • We recommend updating sillytavern to version 1.18.0.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-qg89-qwwh-5f3j
