CVE-2026-44649
Published 2026-05-29
Priority P260 · critical 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.22% (12.1th percentile)
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when sso.autheliaAuth: true or sso.authentikAuth: true is set in config.yaml (both default to false). This vulnerability is fixed in 1.18.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sillytavern | sillytavern | < 1.18.0 | 1.18.0 |
| sillytavern | sillytavern | >= 0 < 1.18.0 | 1.18.0 |
VulDB
SillyTavern up to 1.17.x User Interface authentication spoofing
vuldb·2026-05-29·CVSS 9.8
CVE-2026-44649 [CRITICAL] SillyTavern up to 1.17.x User Interface authentication spoofing
A vulnerability, which was classified as critical, has been found in SillyTavern up to 1.17.x. Affected is an unknown function of the component User Interface. This manipulation causes authentication bypass by spoofing.
This vulnerability appears as CVE-2026-44649. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
GHSA
SillyTavern has Authentication Bypass via SSO Header Injection
ghsa·2026-05-12
CVE-2026-44649 [CRITICAL] CWE-290 SillyTavern has Authentication Bypass via SSO Header Injection
## Resolution
SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. The setting can be customized to the user's needs.
Documentation: https://docs.sillytavern.app/administration/sso/
## Summary
SillyTavern accepts `Remote-User` (Authelia) and `X-Authentik-Username` (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when `sso.autheliaAuth: true` or `sso.authentikAuth: true` is set in `config.yaml` (both default to `false`). This vulnerability is fixed in 1.18.0.
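The Resolution and Summary above describe the defensive rule that 1.18.0 applies: identity headers set by a forward-auth proxy are only meaningful when the TCP peer is that proxy, so they must be ignored for connections from anywhere else, with loopback as the default allow list. The following is an added illustration of that check in plain Node.js; it is not SillyTavern's own code. The header names come from the advisory; the request shape (`socket.remoteAddress` plus a lower-cased `headers` map, as Node's `http` module provides), the function names and the trusted-proxy list are assumptions for this example, and it matches exact addresses rather than CIDR ranges.

```javascript
// Added illustration, not SillyTavern's code: honour SSO identity headers only
// when the connection comes from a trusted reverse proxy. The trusted-proxy list,
// the request shape and the function names are assumptions for this example.

// Loopback only by default, mirroring the default the advisory describes.
const DEFAULT_TRUSTED_PROXIES = ['127.0.0.1', '::1'];

// Normalise an address for comparison: lower-case it and unwrap IPv4-mapped
// IPv6 forms such as "::ffff:127.0.0.1", which Node reports for dual-stack sockets.
function normalizeAddress(addr) {
  if (typeof addr !== 'string' || addr.length === 0) return null;
  const mapped = addr.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/i);
  return (mapped ? mapped[1] : addr).toLowerCase();
}

// Returns the SSO username that may be trusted for this request, or null when
// the request must fall through to normal (password) authentication.
// `req` is a minimal request-like object: { socket: { remoteAddress }, headers }.
function ssoUserFromRequest(req, trustedProxies = DEFAULT_TRUSTED_PROXIES) {
  const peer = normalizeAddress(req && req.socket && req.socket.remoteAddress);
  const trusted = new Set(trustedProxies.map(normalizeAddress).filter(Boolean));
  // A client that reached the port directly is not the proxy: its headers are
  // untrusted input and are ignored entirely.
  if (!peer || !trusted.has(peer)) return null;

  const headers = (req && req.headers) || {};
  // Node lower-cases incoming header names. Authelia's header is checked first,
  // then Authentik's, as in the advisory.
  const user = headers['remote-user'] || headers['x-authentik-username'];
  if (typeof user !== 'string') return null;
  const trimmed = user.trim();
  return trimmed.length > 0 ? trimmed : null;
}

// Constructed sample requests (not real traffic) showing both outcomes.
function demo() {
  const viaProxy = {
    socket: { remoteAddress: '::ffff:127.0.0.1' },
    headers: { 'remote-user': 'alice' },
  };
  const direct = {
    socket: { remoteAddress: '203.0.113.7' },
    headers: { 'remote-user': 'admin' },
  };
  return {
    viaProxy: ssoUserFromRequest(viaProxy), // 'alice': header came through the proxy
    direct: ssoUserFromRequest(direct),     // null: header supplied by a direct client
  };
}
```

The peer check is necessary but not sufficient: the reverse proxy itself must overwrite or strip any `Remote-User` / `X-Authentik-Username` values supplied by the browser before forwarding, otherwise a client behind the proxy could still choose its own identity. When the allow list is widened beyond loopback (for example to a proxy on another host), it should contain only the proxy's address, and the SillyTavern port should not be reachable from other clients.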
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published 2026-05-29