CVE-2026-44649

CRITICAL

SillyTavern: Authentication Bypass via SSO Header Injection

Title source: cna

Description

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when sso.autheliaAuth: true or sso.authentikAuth: true is set in config.yaml (both default to false). This vulnerability is fixed in 1.18.0.
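The trust failure the description names, as an added illustration that is not SillyTavern's own code: the pre-fix header lookup beside a variant that only honours the SSO headers when the TCP peer is a configured reverse proxy. The request shape mirrors the `socket.remoteAddress` and lower-cased `headers` of Node's http.IncomingMessage; the `trustedProxies` setting is an assumption of this example, while `sso.autheliaAuth` and `sso.authentikAuth` are the keys the advisory cites.

```javascript
// Added illustration, not SillyTavern's code. Header names are lower-cased as
// Node presents them; `trustedProxies` is an assumed setting for this example.
const SSO_HEADERS = {
  autheliaAuth: 'remote-user',           // set by Authelia's forward-auth
  authentikAuth: 'x-authentik-username', // set by Authentik's proxy outpost
};

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d"; strip the
// prefix so a trusted list written in plain IPv4 still matches.
function normaliseAddress(addr) {
  return typeof addr === 'string' ? addr.replace(/^::ffff:/i, '') : '';
}

// Shared lookup: whichever SSO mode is enabled, take the username from its header.
function ssoUserFromHeaders(headers, config) {
  for (const [flag, header] of Object.entries(SSO_HEADERS)) {
    const value = headers[header];
    if (config.sso?.[flag] && typeof value === 'string' && value !== '') return value;
  }
  return null;
}

// Pre-1.18.0 behaviour as the advisory describes it: the header is believed no
// matter who sent it, so any client reaching the port directly can pick a user.
function vulnerableSsoUser(req, config) {
  return ssoUserFromHeaders(req.headers, config);
}

// Hardened variant: the header is only consulted when the TCP peer is one of the
// configured reverse-proxy addresses. An empty or missing list disables header
// SSO outright rather than falling back to trusting everyone.
function hardenedSsoUser(req, config) {
  const trusted = (config.sso?.trustedProxies ?? []).map(normaliseAddress);
  const peer = normaliseAddress(req.socket?.remoteAddress);
  if (trusted.length === 0 || !trusted.includes(peer)) return null;
  return ssoUserFromHeaders(req.headers, config);
}

// Constructed sample requests: one direct client, one arriving via the proxy.
const directClient = { socket: { remoteAddress: '203.0.113.5' }, headers: { 'remote-user': 'admin' } };
const viaProxy = { socket: { remoteAddress: '::ffff:127.0.0.1' }, headers: { 'remote-user': 'alice' } };
const config = { sso: { autheliaAuth: true, authentikAuth: false, trustedProxies: ['127.0.0.1'] } };
```

With `config` as above, `vulnerableSsoUser(directClient, config)` yields `"admin"` while `hardenedSsoUser(directClient, config)` yields `null`, and only `viaProxy` produces `"alice"`.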


Scores

CVSS v3 9.8
EPSS 0.0022
EPSS Percentile 12.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-290 CWE-306 CWE-346 CWE-807
Status published
Products (2)
npm/sillytavern 0 - 1.18.0 (npm)
SillyTavern/SillyTavern < 1.18.0
Published May 29, 2026
Tracked Since May 30, 2026