CVE-2026-44648 | SillyTavern up to 1.17.x User Interface change-password session expiration

May 29, 2026 Yanac

A vulnerability was found in SillyTavern up to 1.17.x and classified as problematic. This affects an unknown part of the file /api/users/change-password of the component User Interface. Executing a manipulation can lead to session expiration.

This vulnerability is handled as CVE-2026-44648. It is possible to launch the attack on the local host. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More