Description
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
Published: 2026-03-29
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: Remote Code Execution (potential) via internal service access
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a server‑side request forgery that occurs in the /api/files/export-content endpoint of parisneo/lollms. The backend function _download_image_to_temp fails to validate user‑controlled URLs, which allows an attacker to instruct the server to make arbitrary HTTP requests. This can give the attacker internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution. The weakness is classified as CWE‑918.

Affected Systems

The affected vendor is parisneo and the product is lollms. Versions earlier than 2.2.0 are vulnerable.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. No EPSS value is available, and the vulnerability is not listed in the KEV catalog. Attackers can exploit the flaw by sending crafted requests to the vulnerable endpoint, typically from a web application or API that is accessible to them. Successful exploitation requires the server to have outbound network connectivity, which is common in deployed environments. Given the potential for remote code execution, the risk to affected installations is significant and warrants urgent attention.

Generated by OpenCVE AI on March 29, 2026 at 19:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade parisneo/lollms to version 2.2.0 or later.

Generated by OpenCVE AI on March 29, 2026 at 19:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 29 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Description A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
Title Server-Side Request Forgery (SSRF) in parisneo/lollms
Weaknesses CWE-918
References
Metrics cvssV3_0

{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2026-03-29T17:51:20.708Z

Reserved: 2026-01-01T22:10:15.839Z

Link: CVE-2026-0560

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-29T18:16:14.303

Modified: 2026-03-29T18:16:14.303

Link: CVE-2026-0560

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-29T20:31:15Z

Weaknesses