AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-44649: SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode

criticalvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseMay 29, 2026CVE-2026-44649

Summary

SillyTavern, a locally installed interface for interacting with AI language models and image generators, had a vulnerability in versions before 1.18.0 where it trusted HTTP headers (Remote-User and X-Authentik-Username) used by single sign-on systems without verifying they came from a trusted source. This meant anyone who could connect directly to SillyTavern could fake these headers to log in as any user, including administrators, without a password, but only if SSO was explicitly enabled in the configuration.

Solution / Mitigation

Update SillyTavern to version 1.18.0 or later, which fixes the vulnerability.

Vulnerability Details

CVSS Score

9.8(critical)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

network

Attack Complexity

low

Privileges Required

none

User Interaction

none

Disclosure Date

May 29, 2026

Classification

Attack Type

Supply Chain

Attack SophisticationTrivial

Impact (CIA+S)

integrityconfidentiality

Taxonomy References

CWE (Weakness Type)

CWE-290 CWE-306 CWE-346 CWE-807

Affected Vendors

Related Issues

medium

CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e

Similar attackNVD/CVE Database

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Similar attack

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44649

First tracked: May 29, 2026 at 08:09 PM

Classified by LLM (prompt v3) · confidence: 95%