Home

Description

LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper validation, enabling attackers to force the server to issue HTTP GET requests to private and loopback ranges with partial response content leaked through error messages.

PUBLISHED Reserved 2026-07-06 | Published 2026-07-07 | Updated 2026-07-14 | Assigner VulnCheck




CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

HIGH: 8.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Problem types

Server-Side Request Forgery (SSRF)

Product status

Default status
unaffected

Any version
affected

Credits

George Chen reporter

References

github.com/mudler/LocalAI/issues/10665 exploit

github.com/mudler/LocalAI/issues/10665 (GitHub Issue) issue-tracking

github.com/mudler/LocalAI (Product) product

github.com/...ommit/f9b968e19d7cbc556d59dceb2e0e450b828a3fda (Patch Commit) patch

www.vulncheck.com/...e-request-forgery-via-post-models-apply third-party-advisory

cve.org (CVE-2026-59707)

nvd.nist.gov (CVE-2026-59707)

Download JSON