CVE-2026-44649: SillyTavern has Authentication Bypass via SSO Header Injection

May 12, 2026 (updated June 9, 2026)

SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when sso.autheliaAuth: true or sso.authentikAuth: true is set in config.yaml (both default to false).

References

github.com/SillyTavern/SillyTavern/releases/tag/1.18.0
github.com/SillyTavern/SillyTavern/security/advisories/GHSA-gxx6-h3g6-vwjh
github.com/advisories/GHSA-gxx6-h3g6-vwjh
nvd.nist.gov/vuln/detail/CVE-2026-44649

Code Behaviors & Features

Detect and mitigate CVE-2026-44649 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →