CVE-2026-44649 | SillyTavern is a locally installed user interface that allow… | CVSS 9.8 CRITICAL

Description

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when sso.autheliaAuth: true or sso.authentikAuth: true is set in config.yaml (both default to false). This vulnerability is fixed in 1.18.0.

Metadata

CVE ID: CVE-2026-44649
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-07 15:30 UTC
Published: 2026-05-29 17:45 UTC
Last updated: 2026-06-02 01:48 UTC
Primary CWE: CWE-290
CWE-290: Authentication Bypass by Spoofing
Vendor / Product: SillyTavern / SillyTavern
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
SillyTavern	SillyTavern	—	< 1.18.0

Weakness (CWE)

CWE	Source	Description
CWE-290	cna	CWE-290: Authentication Bypass by Spoofing
CWE-306	cna	CWE-306: Missing Authentication for Critical Function
CWE-346	cna	CWE-346: Origin Validation Error
CWE-807	cna	CWE-807: Reliance on Untrusted Inputs in a Security Decision

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-gxx6-h3g6-vwjh https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-gxx6-h3g6-vwjh