CVE-2026-44648 Overview
CVE-2026-44648 affects SillyTavern, a locally installed user interface for interacting with text generation large language models, image generation engines, and text-to-speech voice models. Versions prior to 1.18.0 rely on cookie-session authentication that stores all session data in a signed client-side cookie. The POST /api/users/change-password and POST /api/users/recover-step2 endpoints update the password hash in the database but fail to expire active sessions. Because the session is stateless, the server cannot revoke an issued token. An attacker with a previously captured session cookie retains access after a victim changes credentials. The flaw is tracked under [CWE-613: Insufficient Session Expiration].
Critical Impact
Stolen or leaked session cookies remain valid after password changes or account recovery, allowing persistent unauthorized access to SillyTavern user accounts.
Affected Products
- SillyTavern versions prior to 1.18.0
- SillyTavern /api/users/change-password endpoint
- SillyTavern /api/users/recover-step2 endpoint
Discovery Timeline
- 2026-05-29 - CVE-2026-44648 published to NVD
- 2026-05-29 - Last updated in NVD database
Technical Details for CVE-2026-44648
Vulnerability Analysis
SillyTavern implements authentication using stateless signed cookies. The cookie contains the user handle and permissions data, signed by the server to prevent tampering. When a user changes their password through POST /api/users/change-password or completes account recovery through POST /api/users/recover-step2, the server updates the stored password hash but performs no session invalidation. The signed cookie remains cryptographically valid until its natural expiry. An attacker who previously obtained a session cookie through cross-site scripting, network interception, or local access can continue authenticating as the victim. Password rotation, which users perform specifically to revoke unauthorized access, provides no protection against this attack path. The issue maps to [CWE-613: Insufficient Session Expiration].
Root Cause
The root cause is architectural. Stateless cookie-session authentication has no server-side session store to invalidate. Without tracking issued tokens, the server cannot distinguish a legitimate cookie from one that should be revoked. The password change handler treats credential rotation as a database operation rather than a session lifecycle event.
Attack Vector
An attacker first obtains a victim's session cookie. The victim subsequently changes their password, believing the action terminates any unauthorized sessions. The attacker replays the captured cookie against the SillyTavern instance and retains full account access with the original permissions. Exploitation requires user interaction and prior cookie acquisition, which raises attack complexity.
No verified proof-of-concept code is available. See the GitHub Security Advisory for vendor technical details.
Detection Methods for CVE-2026-44648
Indicators of Compromise
- Authenticated API requests originating from IP addresses or user agents that differ from the account owner's typical pattern after a password change event.
- Continued session activity on a user handle immediately following a POST /api/users/change-password or POST /api/users/recover-step2 request from a different client.
- Reuse of identical session cookie signatures across multiple source IPs.
Detection Strategies
- Correlate password change events with subsequent authenticated requests and flag any session whose client fingerprint predates the password change.
- Inspect web server access logs for /api/users/ endpoints and build behavioral baselines per user handle.
- Monitor for SillyTavern instances running versions earlier than 1.18.0 across the environment.
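As an added example of the first detection strategy above (not part of the original page), the function below runs the correlation over a few constructed access-log lines: it records each client's first sighting per user handle, notes the latest POST to either password-change endpoint, and flags later requests from a client that was already active before the change and is not the client that performed it. The log format (timestamp, handle, client id, method, path) is an assumption.

```javascript
// Constructed sample log: timestamp, user handle, client id (IP|user agent), method, path.
const SAMPLE_LOG = [
  '2026-05-29T10:00:00Z alice 203.0.113.7|Firefox GET /api/chats',
  '2026-05-29T10:05:00Z alice 198.51.100.9|curl GET /api/chats',
  '2026-05-29T10:10:00Z alice 203.0.113.7|Firefox POST /api/users/change-password',
  '2026-05-29T10:15:00Z alice 198.51.100.9|curl GET /api/chats',
  '2026-05-29T10:20:00Z alice 203.0.113.7|Firefox GET /api/chats',
  '2026-05-29T10:25:00Z bob 192.0.2.4|Chrome GET /api/chats',
];

// Both endpoints named in the advisory rotate credentials without ending sessions.
const CHANGE_PATHS = new Set(['/api/users/change-password', '/api/users/recover-step2']);

function parseLine(line) {
  const [ts, handle, client, method, path] = line.trim().split(/\s+/);
  return { ts: Date.parse(ts), handle, client, method, path };
}

// Returns requests made after a password change by a client fingerprint that
// predates the change and differs from the client that changed the password.
function findPostChangeReuse(lines) {
  const firstSeen = new Map();   // "handle|client" -> first timestamp seen
  const lastChange = new Map();  // handle -> { ts, client } of latest change
  const findings = [];
  for (const e of lines.map(parseLine)) {
    const key = `${e.handle}|${e.client}`;
    if (!firstSeen.has(key)) firstSeen.set(key, e.ts);
    if (e.method === 'POST' && CHANGE_PATHS.has(e.path)) {
      lastChange.set(e.handle, { ts: e.ts, client: e.client });
      continue;
    }
    const change = lastChange.get(e.handle);
    if (change && e.ts > change.ts && e.client !== change.client &&
        firstSeen.get(key) < change.ts) {
      findings.push({ handle: e.handle, client: e.client, ts: e.ts, path: e.path });
    }
  }
  return findings;
}

module.exports = { parseLine, findPostChangeReuse, SAMPLE_LOG };
```

On the sample log only the curl client's request at 10:15 is flagged: it was active on alice's account before the change and kept going afterwards, which is exactly the cookie-replay pattern described above.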
Monitoring Recommendations
- Ingest SillyTavern access logs and proxy logs into a centralized analytics platform for session anomaly detection.
- Alert on concurrent active sessions tied to the same user handle from geographically distant source addresses.
- Track version inventory for SillyTavern deployments and flag instances below 1.18.0.
How to Mitigate CVE-2026-44648
Immediate Actions Required
- Upgrade SillyTavern to version 1.18.0 or later, which contains the official fix.
- Force all users to re-authenticate after upgrade by rotating any server-side cookie signing secret.
- Audit recent password change and recovery events for signs of post-change session reuse.
Patch Information
The vendor fixed CVE-2026-44648 in SillyTavern 1.18.0. Refer to the GitHub Security Advisory GHSA-wmm3-h9qj-p5v6 for complete remediation details.
Workarounds
- Rotate the cookie signing secret after any password change or account recovery event, which invalidates all previously issued cookies.
- Restrict SillyTavern network exposure to trusted local networks or place the application behind an authenticating reverse proxy that enforces independent session control.
- Shorten cookie expiration to reduce the window during which a stolen token remains valid.
# Upgrade SillyTavern to the patched release
git fetch --tags
git checkout 1.18.0
npm install
# Rotate the cookie signing secret in config.yaml, then restart the service
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.