PatchSiren cyber security CVE debrief
CVE-2026-44648 SillyTavern CVE debrief
CVE-2026-44648 affects SillyTavern and was published on 2026-05-12. It is a session-invalidation failure (CWE-613): changing or recovering a password does not expire sessions that were issued before the change, so anyone who already holds a valid session cookie keeps access to the account after its password is changed. GitHub's advisory marks versions up to and including 1.17.0 as vulnerable and identifies 1.18.0 as the first patched release.
- Vendor: Unknown Vendor
- Product: SillyTavern (npm package sillytavern)
- CVSS: 7.5 High (CVSS 3.1)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
SillyTavern users and administrators, especially anyone relying on password changes to cut off access from stolen or shared sessions. Security teams should care most if the app is exposed to untrusted networks or if session cookies could be stolen through XSS, malware, browser compromise, or physical access.
Technical summary
The advisory states that SillyTavern uses cookie-session for authentication, so the session data itself is stored in a signed client-side cookie rather than in a server-side session store. The password-change (POST /api/users/change-password) and recovery (POST /api/users/recover-step2) endpoints update the stored password hash but do not expire or revoke sessions that were already issued. Because the server keeps no per-session record, it accepts a cookie purely on the strength of its signature, and there is nothing server-side it could delete to revoke one particular session; a cookie issued under the old password therefore keeps being accepted after the reset. The issue maps to CWE-613 (Insufficient Session Expiration) and is rated CVSS 3.1 7.5 High in the supplied source.
Defensive priority
High. The core security expectation after a password reset is that prior sessions are cut off. If they are not, a stolen cookie can preserve account access and undermine incident response. This is particularly important for any deployment where account compromise would expose chats, API keys, or other sensitive user data.
Recommended defensive actions
- Upgrade SillyTavern to 1.18.0 or later, which the advisory lists as the first patched version.
- On affected versions, do not assume that changing the password locks out whoever holds an existing session cookie; after upgrading, confirm the fix by logging in, changing the password, and checking that a request carrying the pre-change cookie is rejected.
- Review whether any sensitive actions (for example reading or changing stored API keys) depend only on session cookie validity, and add re-authentication or additional checks where appropriate.
- Harden cookie handling and reduce the chance of session theft: serve the application only over HTTPS, set the Secure, HttpOnly and SameSite attributes on the session cookie, minimize XSS exposure, and protect endpoints that expose secrets.
- If compromise is suspected, rotate the account password and any API keys or other secrets reachable from the account, and remember that on unpatched versions the attacker's session remains valid after the password change. Because cookie-session accepts any cookie whose signature verifies, changing the session signing secret and restarting (where the deployment allows it) is the only way to invalidate all issued cookies on an unpatched instance.
Evidence notes
All claims above are taken from the supplied GitHub advisory record GHSA-wmm3-h9qj-p5v6 and its linked references. The advisory description explicitly says password changes do not invalidate existing sessions, that SillyTavern relies on cookie-session with session data stored in a signed cookie, and that POST /api/users/change-password and POST /api/users/recover-step2 update the password hash without expiring sessions. The source lists affected npm package sillytavern as <= 1.17.0 and the first patched version as 1.18.0. Published and modified timestamps are 2026-05-12T22:23:20Z and 2026-05-14T06:14:04Z, respectively.
Official resources
- CVE-2026-44648 CVE record (CVE.org)
- CVE-2026-44648 NVD detail (NVD)
- Source item URL (github_advisory_database)
- Source reference
- Source reference
Publicly disclosed in the GitHub Advisory Database on 2026-05-12 and modified on 2026-05-14. The advisory ties the issue to SillyTavern, identifies affected versions up to 1.17.0, and points to 1.18.0 as the fix release.