CVE-2026-0560

HIGH EPSS 75.3%
Published Mar 29, 20263mo ago · Modified Jun 17, 20261w ago
7.5 CVSS 3.1
High
Find Similar
Published Mar 29, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
75.3% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 1

VendorProductVersionRange
lollmslollms* ≤2.1.0

References 2

  • github.com https://github.com/parisneo/lollms/commit/76a54f0df2df8a5b254aa627d487b5dc939a0263
    Patch
  • huntr.com https://huntr.com/bounties/65e43a5e-b902-4369-b738-1825285a3ea5
    ExploitIssue TrackingThird Party Advisory

Remediation

  • github.com https://github.com/parisneo/lollms/commit/76a54f0df2df8a5b254aa627d487b5dc939a0263
    Patch