SSRF in SillyTavern

CVE-2026-44652

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (4.5th percentile)
