PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44649 SillyTavern CVE debrief

SillyTavern versions prior to 1.18.0 fail to validate that Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers originate from a trusted reverse proxy. When SSO is enabled via sso.autheliaAuth: true or sso.authentikAuth: true in config.yaml, any network client with direct access to the SillyTavern port can inject these headers to authenticate as arbitrary users, including administrators, without credentials. Both SSO options default to false, limiting exposure to explicitly configured instances. The vulnerability was disclosed on 2026-05-29 and is resolved in version 1.18.0.

Vendor: SillyTavern
Product: Unknown
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-29
Original CVE updated: 2026-05-29
Advisory published: 2026-05-29
Advisory updated: 2026-05-29

Who should care

Organizations running SillyTavern with SSO authentication enabled (sso.autheliaAuth: true or sso.authentikAuth: true) are at critical risk. System administrators, security teams, and users hosting SillyTavern instances accessible from untrusted networks should prioritize patching. The default configuration (both SSO options disabled) is not vulnerable.

Technical summary

The vulnerability exists in SillyTavern's SSO authentication implementation. When sso.autheliaAuth or sso.authentikAuth is enabled in config.yaml, the application accepts Remote-User or X-Authentik-Username HTTP headers to automatically authenticate users. The application does not verify that these headers are set by a trusted reverse proxy, allowing any client with network access to the application port to supply arbitrary header values and impersonate any user account. This represents a complete authentication bypass when SSO is enabled. The fix in version 1.18.0 adds validation to ensure headers originate from trusted sources.

Defensive priority

critical

Recommended defensive actions

  • Upgrade SillyTavern to version 1.18.0 or later
  • If immediate patching is not possible, disable sso.autheliaAuth and sso.authentikAuth in config.yaml (set both to false)
  • Configure network-level access controls to restrict direct access to SillyTavern ports, ensuring all traffic passes through a trusted reverse proxy that strips or validates authentication headers
  • Review authentication logs for anomalous header-based login attempts prior to the fix date
  • Verify reverse proxy configuration properly strips or overwrites Remote-User and X-Authentik-Username headers from untrusted sources
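To make the failure mode in the technical summary and the proxy-trust point in the last action concrete, the following is an added JavaScript example (not SillyTavern's code and not the actual 1.18.0 fix) contrasting a handler that trusts the SSO header as-is with one that honours it only when the TCP peer is a configured reverse-proxy address. The trusted-proxy addresses, the `socketAddress` field and the sample requests are assumptions constructed for the example.

```javascript
// Added example (not SillyTavern's code): gating proxy-supplied identity headers
// on the immediate peer address. Header names come from the advisory; the config
// keys mirror the sso block of config.yaml as described on the page.
const SSO_HEADERS = {
  autheliaAuth: 'remote-user',            // Authelia: Remote-User
  authentikAuth: 'x-authentik-username',  // Authentik: X-Authentik-Username
};

// Assumption: addresses from which the reverse proxy connects to the app port.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1', '10.0.0.5']);

// Vulnerable pattern (the pre-1.18.0 behaviour the advisory describes): whoever
// can reach the port chooses their own username simply by sending the header.
// Node lowercases incoming header names, hence the lowercase keys.
function ssoUserUnsafe(req, sso) {
  for (const [option, header] of Object.entries(SSO_HEADERS)) {
    const value = req.headers[header];
    if (sso[option] && typeof value === 'string' && value.length > 0) return value;
  }
  return null; // fall through to normal credential-based login
}

// Hardened pattern: honour the header only when the connection itself comes from
// a trusted proxy. The check uses the socket peer (Express: req.socket.remoteAddress),
// never X-Forwarded-For, which a direct client can set just as easily.
function ssoUserSafe(req, sso, trustedProxies = TRUSTED_PROXIES) {
  if (!trustedProxies.has(req.socketAddress)) return null;
  return ssoUserUnsafe(req, sso);
}

// Constructed sample requests: one relayed by the proxy, one hitting the port directly.
const viaProxy = { socketAddress: '127.0.0.1', headers: { 'remote-user': 'alice' } };
const direct = { socketAddress: '203.0.113.7', headers: { 'remote-user': 'admin' } };
const cfg = { autheliaAuth: true, authentikAuth: false };

// Demonstration: the direct request impersonates "admin" under the unsafe handler
// and is rejected (null) under the safe one, while the proxied request still works.
console.log('unsafe, direct :', ssoUserUnsafe(direct, cfg));
console.log('safe,   direct :', ssoUserSafe(direct, cfg));
console.log('safe,   proxied:', ssoUserSafe(viaProxy, cfg));
```

Restricting the app port at the network layer (action three) and having the proxy overwrite these headers on every inbound request (action five) remain necessary alongside this check, since a peer-address filter is only as good as the proxy that sits in front of it.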

Evidence notes

Vulnerability confirmed by GitHub Security Advisory GHSA-gxx6-h3g6-vwjh. CVSS 3.1 score 9.8 (Critical) assigned. CWE-290 (Authentication Bypass by Spoofing), CWE-306 (Missing Authentication for Critical Function), CWE-346 (Origin Validation Error), and CWE-807 (Reliance on Untrusted Inputs in a Security Decision) identified. Fix version 1.18.0 confirmed.
