SillyTavern versions prior to 1.18.0 contain an authentication bypass vulnerability in SSO implementations. The application accepts Remote-User and X-Authentik-Username HTTP headers for automatic login without validating their origin from trusted reverse proxies. Attackers can inject these headers to authenticate as any user, including administrators, without passwords. The vulnerability only affects installations with sso.autheliaAuth or sso.authentikAuth enabled in config.yaml. Fixed in version 1.18.0.