CVE-2026-0560

High CVSS: 7.5

A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.

Vendor

Lollms

Product

Lollms

CWE

CWE-918

Yayın Tarihi

2026-03-29 18:16:14

Güncelleme

2026-03-31 19:37:38

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-918 Lollms HIGH Lollms 2026

Referanslar

https://github.com/parisneo/lollms/commit/76a54f0df2df8a5b254aa627d487b5dc939a0263 https://huntr.com/bounties/65e43a5e-b902-4369-b738-1825285a3ea5

Benzer Kayıtlar

High

CVE-2026-0562

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or rej…

Critical

CVE-2026-0558

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and proces…

High

CVE-2025-1451

A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads.…

High

CVE-2024-9919

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauth…

High

CVE-2024-9920

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions,…

Critical

CVE-2024-8898

A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V1…