CVE-2026-44649

CRITICAL 9.8

SillyTavern: Authentication Bypass via SSO Header Injection

CVSS Score

9.8

EPSS Score

0.1%

EPSS Percentile

21th

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when sso.autheliaAuth: true or sso.authentikAuth: true is set in config.yaml (both default to false). This vulnerability is fixed in 1.18.0.

CWE	CWE-290 CWE-306 CWE-346 CWE-807
Vendor	sillytavern
Product	sillytavern
Published	May 29, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for sillytavern sillytavern

Be the first to know when new critical vulnerabilities affecting sillytavern sillytavern are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

SillyTavern / SillyTavern

< 1.18.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-gxx6-h3g6-vwjh