CVE-2026-0560
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the /api/files/export-content endpoint. The _download_image_to_temp() function in backend/routers/files.py fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| parisneo | parisneo/lollms | unspecified < 2.2.0 | affected |
Weaknesses
- CWE-918: CWE-918 Server-Side Request Forgery (SSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://huntr.com/bounties/65e43a5e-b902-4369-b738-1825285a3ea5
- https://github.com/parisneo/lollms/commit/76a54f0df2df8a5b254aa627d487b5dc939a0263
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.