SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-t…

SillyTavern, a locally installed user interface for interacting with text generation large language models, image generation engines, and text-to-speech voice models, contains a server-side request forgery (SSRF) vulnerability prior to version 1.18.0. The vulnerability exists in the /api/search/searxng endpoint which accepts attacker-controlled baseUrl parameters and uses them directly to build outbound server-side fetches. An authenticated low-privilege user can exploit this to point the baseUrl at internal or loopback HTTP services and receive response bodies from internal services. This allows unauthorized access to internal network resources that should not be accessible to external users. The vulnerability has been fixed in version 1.18.0.