- CVSS
- CRITICAL · 9.8 v3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Published
- 2026-05-29
- Weakness
- CWE-290, CWE-306, CWE-346, CWE-807
- Source
- nvd.nist.gov/vuln/detail/CVE-2026-44649
Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when sso.autheliaAuth: true or sso.authentikAuth: true is set in config.yaml (both default to false). This vulnerability is fixed in 1.18.0.
References
How GTK Cyber trains on this
AI security training at GTK Cyber covers the LLM and ML-pipeline vulnerability classes that vulnerabilities like CVE-2026-44649 fall into. Our hands-on courses are taught by Charles Givre and other practitioners who break and defend production AI systems.