External risk intelligence

SillyTavern: Unauthorized User Authentication Risk

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-44649

A vulnerability in SillyTavern's single sign-on configuration could allow unauthorized users to impersonate any user, including administrators, without a password. This affects organizations using specific, optional SSO features. The business risk involves potential unauthorized access and control of the application.

Halo Surface Signal: 2

Missing Authentication

External exposure likelihood

Halo Surface Signal score for CVE-2026-44649

SillyTavern is a locally installed user interface typically run for personal or internal use. While it is network-reachable, public internet exposure is uncommon and not the intended deployment pattern. The vulnerability specifically requires the user to enable optional SSO configurations that are disabled by default.

Horizon Alert

Summary of the vulnerability and why it matters

SillyTavern, a user interface for interacting with AI models, has a vulnerability related to its single sign-on (SSO) configuration. When certain SSO options are enabled, the application does not properly validate incoming HTTP headers. This flaw allows any network-connected client to impersonate any user, including administrators, without needing a password, provided direct access to the SillyTavern port is possible.

  • Vulnerable application component
  • Missing header validation
  • Unauthorized administrator access

Attack Path

How an attacker could exploit the issue

This vulnerability allows an attacker to gain unauthorized access to the SillyTavern application by exploiting how it handles authentication headers. When specific single sign-on (SSO) features are enabled, the application may not adequately verify that these authentication headers originate from trusted sources. This could enable an attacker to impersonate legitimate users, including administrators.

  • Exposed network port.
  • Inject authentication headers.
  • Gain administrator control.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated attacker to gain administrative access to the SillyTavern application. Exploitation requires specific, optional Single Sign-On configurations to be enabled. Attackers could potentially impersonate any user, including administrators, without needing a password.

  • Attackers need no technical skill.
  • Specific SSO features must be enabled.
  • Business risk is high if SSO is active.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The identified vulnerability in SillyTavern could allow unauthorized access to user accounts, including administrative privileges, without requiring a password if specific Single Sign-On (SSO) configurations are enabled. This could lead to unauthorized data access, modification, or system compromise. The risk is present only when the optional `sso.autheliaAuth` or `sso.authentikAuth` settings are activated in the configuration.

  • Identify assets with the SSO configuration enabled.
  • Disable optional SSO configurations if not actively used.
  • Update the software to the fixed version.

Frequently asked questions

What is SillyTavern and its function?

SillyTavern is a locally installed user interface that facilitates interaction with advanced AI technologies. It enables users to engage with large language models for text generation, image generation engines, and text-to-speech voice models.

What is the primary weakness in SillyTavern and its classification?

The weakness in SillyTavern is categorized as CWE-290 (Authentication through network access) and CWE-306 (Authentication Bypass by Alternate Name). It arises from a failure to validate specific HTTP headers when certain single sign-on (SSO) features are activated, potentially allowing unauthorized access.

How can an attacker exploit SillyTavern's authentication flaw?

An attacker can exploit this vulnerability by injecting specific HTTP headers, such as `Remote-User` or `X-Authentik-Username`, when SSO is configured with `sso.autheliaAuth: true` or `sso.authentikAuth: true`. This bypasses the need for a password, enabling access as any user, including administrators, as long as the attacker can reach the SillyTavern port directly.
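The missing check described in the summary and in this answer is a trust boundary on forwarded-auth headers. The following is an added example, not SillyTavern's own code: it shows the vulnerable resolver (any peer that sets the header becomes that user) next to a hardened one that honours `Remote-User` / `X-Authentik-Username` only when the connection comes from an allow-listed proxy address. The proxy addresses, peer IPs and user names are constructed for the example.

```javascript
// Added example, not SillyTavern's code: the two forwarded-auth headers the
// advisory names are only meaningful when the reverse proxy (Authelia or
// Authentik) set them. Honouring them from any TCP peer is the pattern behind
// CVE-2026-44649; the hardened resolver below trusts them only from an
// allow-listed proxy address. Addresses and user names are constructed.

const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']); // assumed proxy location
const SSO_HEADERS = ['remote-user', 'x-authentik-username']; // Node lower-cases header names

// Vulnerable pattern: whoever can reach the port and set the header is that user.
function resolveUserNaive(req) {
  for (const name of SSO_HEADERS) {
    if (req.headers[name]) return { user: req.headers[name], source: name };
  }
  return null;
}

// Hardened pattern: the header is honoured only when the connection comes from
// the proxy; otherwise it is ignored and flagged so the attempt can be logged.
function resolveUserHardened(req, trustedProxies = TRUSTED_PROXIES) {
  const peer = req.socket && req.socket.remoteAddress;
  const present = SSO_HEADERS.filter((name) => req.headers[name] !== undefined);
  if (present.length === 0) return null; // no SSO identity asserted at all
  if (!trustedProxies.has(peer)) {
    // Detection signal: an SSO header arriving on a connection that bypassed the proxy.
    return { user: null, source: 'rejected', reason: `SSO header from untrusted peer ${peer}` };
  }
  return { user: req.headers[present[0]], source: present[0] };
}

// Minimal stand-in for Node's IncomingMessage, enough for the two resolvers.
function makeRequest(remoteAddress, headers) {
  return { socket: { remoteAddress }, headers: { ...headers } };
}

// Walk-through: the same header, sent straight to the app port versus via the proxy.
const direct = makeRequest('203.0.113.7', { 'remote-user': 'admin' }); // constructed direct peer
const viaProxy = makeRequest('127.0.0.1', { 'x-authentik-username': 'alice' });
console.log('naive, direct   :', resolveUserNaive(direct));       // identity accepted from anyone
console.log('hardened, direct:', resolveUserHardened(direct));    // rejected, reason for the log
console.log('hardened, proxy :', resolveUserHardened(viaProxy));  // alice, asserted by the proxy
```

The `rejected` result is the signal worth alerting on: an SSO header on a connection whose peer is not the proxy means the application port is reachable without going through the SSO layer.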

What is the relevance of the SillyTavern vulnerability on the internet?

The vulnerability in SillyTavern, CVE-2026-44649, presents a critical risk because it allows for unauthenticated remote code execution by enabling an attacker to impersonate any user, including administrators. This risk is amplified if the optional SSO configurations are enabled, though this is not the default behavior.

What steps should be taken to mitigate the SillyTavern authentication risk?

To mitigate this risk, users should identify assets with SSO configurations enabled and consider disabling optional features like `sso.autheliaAuth` or `sso.authentikAuth` if they are not actively used. Updating SillyTavern to version 1.18.0 or later will address this vulnerability.
