Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data (user handle, permissions) in a signed cookie. The endpoints POST /api/users/change-password and POST /api/users/recover-step2 only update the password hash in the database but do not expire current sessions. Because the session is stateless and stored entirely in the client cookie, there is no server-side mechanism to revoke a token once issued. This vulnerability is fixed in 1.18.0.
Published: 2026-05-29
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SillyTavern (before 1.18.0) keeps the whole session, user handle and permissions included, in a signed cookie and holds no server-side session state. The change-password and recover-step2 handlers rewrite the password hash in the user store and nothing else, so a cookie issued before the change still carries a valid signature and is still accepted on every later request. An attacker who already holds a victim's cookie (taken from a device, a browser or a phishing flow) therefore keeps access after the victim changes or recovers the password, which is exactly the step a user takes to end a takeover. The weakness is CWE-613 (Insufficient Session Expiration).

Affected Systems

SillyTavern versions prior to 1.18.0 are affected. Versions 1.18.0 and later include a fix that invalidates existing sessions when a password change or recovery occurs.

Risk and Exploitability

The CVSS 3.1 base score is 7.5 (High) with vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H: reachable over the network with no privileges, but with high attack complexity and user interaction required, which reflects the precondition that the attacker must first obtain a valid session cookie (for example from a phishing flow or a compromised browser or device). Guessing is not a realistic route, since the cookie is signed. Once a cookie is held, exploitation is trivial: the session is stateless and there is no server-side revocation, so the cookie keeps working after the legitimate user changes the password, and the standard response to a suspected compromise does not evict the attacker. EPSS data is not available and the CVE is not in the CISA KEV catalog; the SSVC assessment recorded in the History below rates Exploitation as poc, Automatable as no and Technical Impact as total.

Generated by OpenCVE AI on May 29, 2026 at 19:22 UTC.

Remediation

Fixed in SillyTavern 1.18.0, per the CVE description and GHSA-wmm3-h9qj-p5v6. No vendor workaround is listed for earlier versions.

OpenCVE Recommended Actions

  • Upgrade SillyTavern to version 1.18.0 or later, the version the advisory names as fixed, so that a password change or recovery step ends existing sessions.
  • If an upgrade cannot be performed immediately, do not rely on clearing cookies in users' own browsers: the attacker's copy of the signed cookie stays valid regardless. The only way to invalidate a stateless signed session is to change the secret the server uses to sign session cookies, which logs every user out at once; pair that with a forced password reset for any account suspected of compromise.
  • After upgrading, verify the fix: log in from two browsers, change the password from one, and confirm that the other browser's next request is rejected and requires a fresh login.



Advisories

Source | ID | Title
GitHub GHSA | GHSA-wmm3-h9qj-p5v6 | SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover
History

Fri, 29 May 2026 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 May 2026 19:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sillytavern; Sillytavern sillytavern
Vendors & Products | | Sillytavern; Sillytavern sillytavern

Fri, 29 May 2026 18:30:00 +0000

Type | Values Removed | Values Added
Description | | (added; identical to the Description at the top of this page)
Title | | SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover
Weaknesses | | CWE-613
References | |
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-29T19:47:10.723Z

Reserved: 2026-05-07T15:30:10.875Z

Link: CVE-2026-44648

Vulnrichment

Updated: 2026-05-29T19:47:06.959Z

NVD

Status: Deferred

Published: 2026-05-29T19:16:24.570

Modified: 2026-05-29T20:17:38.110

Link: CVE-2026-44648

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T19:30:05Z

Weaknesses