CVE-2026-44649

CRITICAL EPSS 12.1%
Published May 29, 20261mo ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published May 29, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago

Description

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when sso.autheliaAuth: true or sso.authentikAuth: true is set in config.yaml (both default to false). This vulnerability is fixed in 1.18.0.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
12.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 4

CWE-290
CWE-306 Missing Authentication for Critical Function Authentication
CWE-346
CWE-807

References 1

  • github.com https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-gxx6-h3g6-vwjh

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.