Executive Summary

CVE-2026-44649 is a critical authentication bypass vulnerability in SillyTavern versions 1.17.0 and earlier. The vulnerability occurs because SillyTavern accepts certain HTTP headers (Remote-User for Authelia and X-Authentik-Username for Authentik) to automatically log in users when Single Sign-On (SSO) is enabled, without validating that these headers come from a trusted reverse proxy.

This means that any network client that can directly access the SillyTavern port can inject these headers and authenticate as any user, including administrators, without needing a password.

The root cause is that SillyTavern trusts these headers blindly because the underlying Express.js framework does not differentiate between headers from trusted proxies and those injected by clients.

This vulnerability is only exploitable when SSO is enabled for Authelia or Authentik in the configuration (sso.autheliaAuth: true or sso.authentikAuth: true). It was fixed in version 1.18.0 by adding an IP allowlist to restrict which sources can send these headers.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an attacker to bypass authentication and gain unauthorized access to any user account on SillyTavern, including administrator accounts, without needing a password.

An attacker with network access to the SillyTavern port can inject the required headers to impersonate any user, leading to full account takeover.

Additionally, attackers can enumerate valid usernames via a publicly accessible API endpoint (/api/users/list), which facilitates targeted attacks.

The impact includes complete compromise of confidentiality, integrity, and availability of the affected system, as attackers can perform any actions as the impersonated users.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the SillyTavern instance is running a version prior to 1.18.0 with SSO enabled for Authelia or Authentik (sso.autheliaAuth: true or sso.authentikAuth: true). Additionally, user enumeration attempts against the publicly accessible /api/users/list endpoint can indicate probing for this vulnerability.

To detect exploitation attempts or test for the vulnerability, you can try sending HTTP requests with the headers "Remote-User" or "X-Authentik-Username" directly to the SillyTavern port and observe if authentication is granted without valid credentials.

• Use curl to test header injection: curl -v -H "Remote-User: admin" http://<sillytavern-host>:<port>/
• Check for user enumeration by querying the users list endpoint: curl http://<sillytavern-host>:<port>/api/users/list

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade SillyTavern to version 1.18.0 or later, where the vulnerability is fixed by adding an IP allowlist configuration for SSO header authorization.

If upgrading is not immediately possible, disable SSO authentication for Authelia and Authentik by setting sso.autheliaAuth and sso.authentikAuth to false in the config.yaml file to prevent the vulnerable header-based authentication.

Additionally, restrict network access to the SillyTavern port so that only trusted reverse proxies or internal systems can reach it, preventing attackers from injecting malicious headers directly.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows an attacker to bypass authentication and gain unauthorized access to any user account, including administrative accounts, without a password.

Such unauthorized access can lead to exposure or manipulation of sensitive personal or protected data, which may violate compliance requirements under standards like GDPR and HIPAA that mandate strict access controls and protection of user data.

Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to failure to adequately protect user authentication and data confidentiality.

Useful 0 Not Useful 0