CVE-2026-44651
SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware
Description
## Resolution Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body. ## Overview - Vulnerability Type: XSS - Affected Location: `src/middleware/corsProxy.js:40` - Trigger Scenario: reflected XSS in CORS proxy error response ## Root Cause When `fetch(url)` throws, the code sends: `res.status(500).send('Error occurred while trying to proxy to: ' + url + ' ' + error)`. The `url` value is attacker-controlled (`req.params.url`) and is not HTML-escaped before rendering. ## Source-to-Sink Chain 1. Source (user-controlled input) - Entry point: `GET /proxy/:url(*)` 2. Data flow - Code analysis shows concrete propagation into this sink: - vulnerability title: `Reflected XSS in CORS proxy error response` - sink location reached by attacker-controlled input: `src/middleware/corsProxy.js:40` - The same sink behavior is confirmed by controlled execution observations. 3. Sink (dangerous operation) - Sink location: `src/middleware/corsProxy.js:40` - Vulnerable behavior: reflected XSS in CORS proxy error response ## Exploitation Preconditions 1. The attacker can inject controllable content into a rendered response. 2. The vulnerable rendering context does not apply strict output encoding/sanitization. 3. A victim user opens the affected page or response. ## Risk This issue enables script execution in the victim context and can compromise session or data integrity. ## Impact An attacker may run arbitrary JavaScript in the victim context, steal tokens, and manipulate user-visible behavior. ## Remediation 1. Never concatenate raw user input into HTML error responses. 2. If URL echo is required, HTML-escape it or force plain-text output. 3. Re-enable/strengthen CSP to reduce reflected injection impact.
How to fix CVE-2026-44651
To remediate CVE-2026-44651, upgrade the affected package to a fixed version below.
- —upgrade to 1.18.0 or later
Is CVE-2026-44651 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.