CVE-2026-44649
SillyTavern · SillyTavern
SillyTavern versions prior to 1.18.0 contain an authentication bypass when header-based SSO (Authelia or Authentik) is configured: a client that can reach the application directly can supply the identity headers itself and obtain a session as any user.
Executive summary
A critical authentication bypass flaw in SillyTavern allows unauthenticated attackers to impersonate any user, including administrators.
Vulnerability
When SSO via Authelia or Authentik is enabled, SillyTavern logs a client in based on the identity headers that the reverse proxy is expected to inject after authenticating the user, but it does not verify that a request carrying those headers actually came from the proxy. Any client that can reach the SillyTavern listener directly, bypassing the proxy, can set the headers itself and be logged in as any existing account, administrators included, without supplying credentials.
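The following is an added illustration, not SillyTavern's own code, of the trust decision at the heart of this flaw, shown in its vulnerable form beside a hardened one. It uses the header names Authelia (Remote-User) and Authentik (X-authentik-username) document for forward-auth; the config keys autheliaAuth and authentikAuth, the trustedProxies list and the user table are assumptions made for the example.

```javascript
// Added example, not SillyTavern's own code: models header-based SSO login
// behind a forward-auth reverse proxy in its vulnerable and hardened forms.
// Header names are the ones Authelia and Authentik document. The config keys
// (autheliaAuth / authentikAuth), the trustedProxies list and the USERS table
// are assumptions made for this example.

// Identity headers injected by the proxy once it has authenticated the client.
// Node lower-cases incoming header names, so match on lower case.
const IDENTITY_HEADERS = {
  autheliaAuth: "remote-user",           // Authelia forward-auth
  authentikAuth: "x-authentik-username", // Authentik proxy outpost
};

// Constructed user table standing in for the application's accounts.
const USERS = new Map([
  ["admin", { handle: "admin", admin: true }],
  ["alice", { handle: "alice", admin: false }],
]);

// Shared lookup: map an enabled SSO option's header to a known account.
function userFromHeaders(headers, config) {
  for (const [option, name] of Object.entries(IDENTITY_HEADERS)) {
    if (config[option] && headers[name]) {
      return USERS.get(headers[name]) || null;
    }
  }
  return null;
}

// Vulnerable resolver: whoever the header names, that is who we log in.
// Nothing checks where the request came from, so any client that can
// reach the listener directly can pick an account.
function resolveUserVulnerable(headers, config) {
  return userFromHeaders(headers, config);
}

// Node reports IPv4 peers as ::ffff:a.b.c.d when the listener is bound to
// an IPv6 address; strip that prefix so allow-list comparisons work either way.
function normalizeAddress(addr) {
  if (typeof addr !== "string") return "";
  const m = /^::ffff:((?:\d{1,3}\.){3}\d{1,3})$/i.exec(addr);
  return m ? m[1] : addr;
}

// Hardened resolver: honour the identity header only when the TCP peer is a
// trusted proxy. The peer is req.socket.remoteAddress, never X-Forwarded-For,
// which the client controls. The proxy itself must still overwrite these
// headers from the authenticated identity rather than forward client values.
function resolveUserHardened(headers, remoteAddress, config) {
  const peer = normalizeAddress(remoteAddress);
  const trusted = (config.trustedProxies || []).map(normalizeAddress);
  if (!trusted.includes(peer)) {
    return null; // fall through to the normal login flow
  }
  return userFromHeaders(headers, config);
}

// Constructed requests: a genuine proxy-forwarded login for alice, and a
// direct hit on the application port forging admin (with a spoofed
// X-Forwarded-For thrown in, which must not help the attacker).
const EXAMPLE_CONFIG = { autheliaAuth: true, authentikAuth: false, trustedProxies: ["10.0.0.2"] };
const VIA_PROXY = { headers: { "remote-user": "alice" }, remoteAddress: "::ffff:10.0.0.2" };
const FORGED = {
  headers: { "remote-user": "admin", "x-forwarded-for": "10.0.0.2" },
  remoteAddress: "203.0.113.7",
};

function demo() {
  return {
    vulnerableForged: resolveUserVulnerable(FORGED.headers, EXAMPLE_CONFIG),
    hardenedForged: resolveUserHardened(FORGED.headers, FORGED.remoteAddress, EXAMPLE_CONFIG),
    hardenedProxy: resolveUserHardened(VIA_PROXY.headers, VIA_PROXY.remoteAddress, EXAMPLE_CONFIG),
  };
}

console.log(demo());
// { vulnerableForged: { handle: 'admin', admin: true }, hardenedForged: null, hardenedProxy: { handle: 'alice', admin: false } }
```

The only difference between the two resolvers is the peer-address gate, which is the check the page describes as missing. Note that the gate uses the connection's actual peer, not a forwarded-for header, and that it is only sound if the proxy is also configured to set the identity headers itself instead of passing through whatever the client sent.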
Business impact
The CVSS score of 9.8 reflects a network-reachable flaw that needs no privileges or user interaction and has high impact on confidentiality, integrity and availability. By bypassing authentication, an attacker gains full administrative control over the application and can read private data or manipulate its configuration. It is most dangerous for instances whose application port is reachable from the internet, or from any host other than the reverse proxy.
Remediation
Immediate Action: Update to SillyTavern version 1.18.0 or later.
Proactive Monitoring: Review application and proxy logs for logins or sessions whose source address is not the reverse proxy, and for requests carrying the SSO identity headers that did not pass through the proxy. A typical access log does not record request headers, so the connection's source address is usually the more reliable indicator.
Compensating Controls: Disable the SSO options if they are not strictly necessary, or restrict access to the SillyTavern port so that only the reverse proxy host can reach it (bind it to localhost or a private interface and firewall it to the proxy's address). Confirm as well that the proxy overwrites the identity headers with the authenticated user's values rather than forwarding whatever the client sent; otherwise the restriction does not help.
Exploitation status
Public Exploit Available: None
Analyst recommendation
Administrators must update to version 1.18.0 or later immediately. If the update cannot be applied right away, make sure the application port is reachable only from the reverse proxy and disable the SSO header login until the patch is deployed.