
Description

A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
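The root cause described above is a server-side downloader that fetches whatever URL the client supplies. The check below is an added example of the egress validation such a function would need before making the request; it is not the project's own fix from the referenced commit, and the function names (`validate_outbound_url`, `resolve_all`), the injectable `resolver` parameter and the `FAKE_DNS` table are assumptions constructed for this illustration so that it runs offline. It rejects non-http(s) schemes, embedded credentials, and any hostname or IP literal that is not a globally routable address (loopback, RFC 1918, link-local including the 169.254.169.254 metadata address, and IPv4-mapped IPv6 forms of these).

```python
"""Egress URL validation for a server-side image downloader (added example).

The advisory says _download_image_to_temp() fetched user-supplied URLs without
validation. This hypothetical check refuses anything that is not a public
http(s) destination before the fetch happens. It is not the project's fix.
"""
import ipaddress
import socket
from typing import Callable, Iterable, Tuple
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host: str) -> Iterable[ipaddress._BaseAddress]:
    """Default resolver: every A/AAAA record for host (uses the system resolver)."""
    return {ipaddress.ip_address(info[4][0]) for info in socket.getaddrinfo(host, None)}


def _is_public(ip: ipaddress._BaseAddress) -> bool:
    """True only for globally routable addresses.

    IPv4-mapped IPv6 literals (::ffff:10.0.0.1) are unwrapped first so that the
    IPv4 classification applies to them.
    """
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for loopback, private, link-local (169.254.0.0/16,
    # which covers the cloud metadata address), CGNAT, multicast and unspecified.
    return ip.is_global


def validate_outbound_url(url: str, resolver: Callable = resolve_all) -> Tuple[bool, str]:
    """Return (allowed, reason). Must be called before any connection is opened."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    # IP literals are classified directly; everything else (including decimal or
    # octal IPv4 spellings that ipaddress rejects) goes through the resolver, and
    # the real resolver normalises those spellings to the address they denote.
    try:
        addrs = {ipaddress.ip_address(host)}
    except ValueError:
        try:
            addrs = set(resolver(host))
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            return False, f"cannot resolve {host}: {exc}"
    if not addrs:
        return False, f"no addresses for {host}"
    # Every record must be public: a name with one public and one internal
    # record is refused rather than trusted on the public one.
    for ip in addrs:
        if not _is_public(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


# Constructed sample DNS table so the example runs without network access.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "mixed.test": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolver(host: str) -> Iterable[ipaddress._BaseAddress]:
    """Offline stand-in for resolve_all backed by FAKE_DNS (constructed data)."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return [ipaddress.ip_address(a) for a in FAKE_DNS[host]]


if __name__ == "__main__":
    samples = [
        "https://example.com/image.png",
        "http://169.254.169.254/latest/meta-data/",
        "http://127.0.0.1:8000/admin",
        "http://[::ffff:10.0.0.1]/",
        "http://internal.corp/",
        "http://mixed.test/",
        "file:///etc/passwd",
    ]
    for url in samples:
        print(f"{url:45} -> {validate_outbound_url(url, fake_resolver)}")
```

Two caveats apply when wiring this into a real downloader. First, the check must run on every hop: an HTTP client that follows redirects automatically will happily land on an internal address after a vetted public one, so either disable automatic redirects and re-validate each `Location`, or have the client call the validator per hop. Second, resolving a name here and letting the HTTP library resolve it again at connect time leaves a DNS rebinding window; the robust variant connects to the address that passed validation (pinning the resolved IP while still sending the original `Host` header and SNI).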

PUBLISHED Reserved 2026-01-01 | Published 2026-03-29 | Updated 2026-03-30 | Assigner @huntr_ai

HIGH: 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Any version before 2.2.0: affected

References

huntr.com/bounties/65e43a5e-b902-4369-b738-1825285a3ea5

github.com/...ommit/76a54f0df2df8a5b254aa627d487b5dc939a0263

cve.org (CVE-2026-0560)

nvd.nist.gov (CVE-2026-0560)
