{"data":{"id":"0db0613f-12d1-4e2f-b26a-a9190460e897","title":"CVE-2026-44648: SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode","summary":"SillyTavern is a locally installed interface for interacting with text generation AI models. Before version 1.18.0, it had a security flaw where changing a password or recovering an account didn't log out existing sessions, because all session information was stored in a signed cookie (a small piece of data the browser keeps) rather than on the server, making it impossible to revoke access even after a password change.","solution":"This vulnerability is fixed in version 1.18.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44648","publishedAt":"2026-05-29T19:16:24.570Z","cveId":"CVE-2026-44648","cweIds":["CWE-613"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["SillyTavern"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"high","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-29T19:16:24.570Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}