Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-44650 -- CVSS 9.1 Vulnerability Briefing

CVE-2026-44650 | CVSS 9.1 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-44650 is a vulnerability in SillyTavern, a locally installed web-based user interface for interacting with large language models, image generation engines, and text-to-speech systems, affecting versions prior to 1.18.0.

Technical Detail

The vulnerability exists in SillyTavern prior to version 1.18.0, though the full technical description is incomplete in available data at this time. Given the critical CVSS score of 9.1, the flaw likely enables a high-impact attack such as remote code execution, unauthorized access to local system resources, or a significant authentication or authorization bypass within the application's local server interface. Analysts should treat the incomplete description as a data gap and monitor the NVD entry and the SillyTavern GitHub advisory for the complete technical disclosure.

Exploitation Status

No known exploit exists for this vulnerability at this time. It is not listed in the CISA Known Exploited Vulnerabilities catalog. There is no public proof-of-concept code or evidence of active exploitation in the wild as of June 05, 2026.

Who Is Targeting This

No specific threat actor attribution at this time. Neither confirmed nor reported threat actor activity has been associated with this CVE in available intelligence sources.

What To Do

Update SillyTavern to version 1.18.0 or later immediately, as this release contains the fix for this vulnerability. Because SillyTavern operates as a locally hosted server, users who expose the interface beyond localhost, such as via network binding or reverse proxy, face elevated risk and should prioritize patching. Until patching is complete, restrict access to the SillyTavern interface to localhost only and ensure no external network exposure exists. Monitor the official SillyTavern GitHub repository and security advisory page for the complete vulnerability description, which will inform more targeted detection and mitigation guidance.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →