CVE-2026-44648— SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover
Possible ATT&CK Techniques 1AI
T1078 · Valid AccountsAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SillyTavern | SillyTavern | < 1.18.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44648
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover
Source: NVD (National Vulnerability Database)
Vulnerability Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data (user handle, permissions) in a signed cookie. The endpoints POST /api/users/change-password and POST /api/users/recover-step2 only update the password hash in the database but do not expire current sessions. Because the session is stateless and stored entirely in the client cookie, there is no server-side mechanism to revoke a token once issued. This vulnerability is fixed in 1.18.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的会话过期机制
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SillyTavern | SillyTavern | < 1.18.0 | - |
II. Public POCs for CVE-2026-44648
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44648
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-44648 (1)
Same Patch Batch · SillyTavern · 2026-05-29 · 6 CVEs total
| CVE-2026-44649 | 9.8 CRITICAL | SillyTavern: Authentication Bypass via SSO Header Injection |
| CVE-2026-44650 | 9.1 CRITICAL | SillyTavern: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' |
| CVE-2026-46372 | 8.5 HIGH | SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl |
| CVE-2026-44651 | SillyTavern: Reflected XSS vulnerability in the CORS proxy middleware | |
| CVE-2026-44652 | SillyTavern: SSRF vulnerability in the CORS proxy middleware |
IV. Related Vulnerabilities
Same product: SillyTavern
- CVE-2026-44651
SillyTavern: Reflected XSS vulnerability in the CORS proxy m - CVE-2026-44650
SillyTavern: Improper Limitation of a Pathname to a Restrict - CVE-2026-44649
SillyTavern: Authentication Bypass via SSO Header Injection - CVE-2026-44652
SillyTavern: SSRF vulnerability in the CORS proxy middleware - CVE-2026-46372
SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated ba
Same vendor: SillyTavern
- CVE-2026-44651
SillyTavern: Reflected XSS vulnerability in the CORS proxy m - CVE-2026-44650
SillyTavern: Improper Limitation of a Pathname to a Restrict - CVE-2026-44649
SillyTavern: Authentication Bypass via SSO Header Injection - CVE-2026-44652
SillyTavern: SSRF vulnerability in the CORS proxy middleware - CVE-2026-46372
SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated ba
Same weakness: CWE-613
- CVE-2026-9802
Keycloak: keycloak: unauthorized account access via replayed - CVE-2026-8670
Insecure session handling on metrics web server - CVE-2026-1815
Session Hijacking in TEİAŞ's Mobile Application - CVE-2026-44553
Open WebUI: Stale Admin Role in Socket.IO Session Pool Enabl - CVE-2026-22706
Strapi: Password Reset Does Not Revoke Existing Refresh Sess
V. Comments for CVE-2026-44648
No comments yet