CRITICAL🇵🇱 Wersja polska

CVE-2026-44649

CVSS 9.8v3.1pub. 2026-05-29upd. 2026-06-02

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when sso.autheliaAuth: true or sso.authentikAuth: true is set in config.yaml (both default to false). This vulnerability is fixed in 1.18.0.

🤖 AI Analysis
How it works

When the sso.autheliaAuth or sso.authentikAuth option is enabled in the config.yaml file, SillyTavern automatically authenticates the user based on the values of the appropriate HTTP headers. The application does not verify whether the request actually comes from a trusted reverse proxy (e.g., Authelia or Authentik). An attacker with direct network access to the SillyTavern port can set these headers themselves and impersonate any user, thereby bypassing the entire authentication mechanism (authentication bypass). This vulnerability is classified as lack of header source validation (CWE-346), lack of authentication for critical functions (CWE-306), identity spoofing (CWE-290), and reliance on untrusted input data when making security decisions (CWE-807).

Impact

An attacker can gain full access to the SillyTavern application as any user, including administrator, without providing a password — which can lead to takeover of configuration, user data, and integrated AI models.

Mitigation & patch

Update SillyTavern to version 1.18.0 or newer. Until updating, it is recommended to ensure that the SillyTavern port is not directly accessible from the network and that the sso.autheliaAuth and sso.authentikAuth options are disabled in config.yaml.

Who is affected

SillyTavern in versions before 1.18.0, only when sso.autheliaAuth: true or sso.authentikAuth: true is set in config.yaml (both disabled by default)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References