CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 4 days ago•6 views

CVE-2026-47203

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...

6.3CVSS0.00072EPSS

ATTACKERKB•added 4 days ago•6 views

CVE-2026-48794

2.3CVSS5.8AI score0.00043EPSS

Exploits0References3Affected Software1

Cvelist•added 4 days ago•18 views

CVE-2026-48794 Authelia has an Edge Case Access Control Rule Mismatch

2.3CVSS0.00043EPSS

CVE•added 4 days ago•15 views

CVE-2026-48794

CVE-2026-48794 affects Authelia (versions 4.36.0–4.39.19). A domain canonicalization edge case can cause an access control rule to be skipped when it should match a request, under very specific conditions involving forwarded authorization, multi-segment subdomains (e.g., a.b.example.com vs exampl...

2.3CVSS5.8AI score0.00043EPSS

ATTACKERKB•added 4 days ago•7 views

CVE-2026-47203

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...

6.3CVSS6AI score0.00072EPSS

Exploits0References3Affected Software1

Cvelist•added 4 days ago•16 views

CVE-2026-47203 Authelia Missing Username Canonicalization in Basic Auth (LDAP)

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...

6.3CVSS0.00072EPSS

CVE•added 4 days ago•24 views

CVE-2026-47203

CVE-2026-47203 (Authelia) affects Authelia 4.38.0–4.39.19 where using Basic Auth on the authz verification endpoint exposes a bug: the username extracted from the Authorization header is passed to the ban/attempt regulation as-is, while LDAP binds are case-insensitive but regulation SQL lookups c...

6.3CVSS6AI score0.00072EPSS

Positive Technologies•added 4 days ago•12 views

PT-2026-51025

Name of the Vulnerable Software and Affected Versions Authelia versions 4.36.0 through 4.39.19 Description Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO. A lack of domain canonicalization in specific edge cases can...

2.3CVSS5.9AI score0.00043EPSS

Exploits0References6

RedhatCVE•added 2026/06/02 4:2 a.m.•10 views

CVE-2026-44649

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

OSV•added 2026/05/29 9:21 p.m.•7 views

GHSA-HJJ4-HFJM-FMRJ Authelia Missing Username Canonicalization in Basic Auth (LDAP)

Impact CVSSv4 Baseline Score: Moderate 6.3 CVSSv4 Weighted Score: Low 2.9 The full CVSSv4 Vector for this vulnerability is:...

6.3CVSS5.9AI score0.00072EPSS

Exploits0References3

Github Security Blog•added 2026/05/29 9:21 p.m.•22 views

Authelia Missing Username Canonicalization in Basic Auth (LDAP)

Impact CVSSv4 Baseline Score: Moderate 6.3 CVSSv4 Weighted Score: Low 2.9 The full CVSSv4 Vector for this vulnerability is:...

6.3CVSS5.9AI score0.00072EPSS

Exploits0References3Affected Software1

NVD•added 2026/05/29 7:16 p.m.•9 views

CVE-2026-44649

9.8CVSS0.00218EPSS

Vulnrichment•added 2026/05/29 5:45 p.m.•8 views

CVE-2026-44649 SillyTavern: Authentication Bypass via SSO Header Injection

ATTACKERKB•added 2026/05/29 5:45 p.m.•7 views

CVE-2026-44649

Exploits0References2Affected Software1

EUVD•added 2026/05/29 5:45 p.m.•9 views

EUVD-2026-33401

OSV•added 2026/05/12 10:23 p.m.•3 views

GHSA-GXX6-H3G6-VWJH SillyTavern has Authentication Bypass via SSO Header Injection

Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/...

Github Security Blog•added 2026/05/12 10:23 p.m.•25 views

Exploits0References4

SillyTavern has Authentication Bypass via SSO Header Injection

Exploits0References4Affected Software1

Positive Technologies•added 2026/05/12 12:0 a.m.•10 views

PT-2026-40545

Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.18.0 Description An authentication bypass and account takeover issue exists when Authelia or Authentik SSO is enabled. The software accepts Remote-User for Authelia and X-Authentik-Username for Authentik HTTP...