CVE-2026-46372: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl
SillyTavern 1.17.0 exposes /api/search/searxng, which accepts an attacker-controlled baseUrl parameter and uses it directly to build the outbound server-side fetch. An authenticated low-privilege user can point baseUrl at an internal or loopback HTTP service and receive that service's /search response body in the reply, which makes this a response-returning (not blind) SSRF.
Confirmed version: SillyTavern 1.17.0 from the audited source tree. Broader affected versions and patched versions should be confirmed by the maintainer.
References
Code Behaviors & Features