Description
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-02-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Request Forgery
Action: Assess Exposure
AI Analysis

Impact

GeekAI versions up to 4.2.4 contain a flaw in the Download function of api/handler/net_handler.go that permits manipulation of the url argument. An attacker can supply a crafted URL to cause the server to initiate a request to an arbitrary endpoint, a classic server‑side request forgery scenario. The affected endpoint is accessible from the public API, which makes remote exploitation possible. Published exploits suggest that an attacker can read internal or sensitive resources, exfiltrate data, or facilitate further attacks inside the network. The description does not specify whether elevated privileges are required; the vulnerability can be exploited remotely.

Affected Systems

This vulnerability impacts all deployments of GeekAI that are running version 4.2.4 or earlier. No particular minor update or module is singled out, so any installation at or below that version is potentially affected.

Risk and Exploitability

The CVSS base score of 5.3 reflects a medium severity level, while the EPSS score, currently below 1%, indicates a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attackers would likely trigger the flaw by sending a crafted HTTP request to the Download endpoint with a malicious url parameter; no elevated privileges are described, and the description suggests the attack can originate from a publicly reachable endpoint. If exploited, the server could reach internal hosts or sensitive files, or perform cross‑network actions that could lead to data theft or compromise of internal infrastructure.

Generated by OpenCVE AI on April 18, 2026 at 17:59 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade GeekAI to a version that includes the SSRF fix once it is released.
  • Implement outbound network segmentation or firewall rules that restrict the application’s outgoing connections to a whitelist of trusted domains and block private IP ranges.
  • Add strict input validation to the Download endpoint: enforce allowed URI schemes, apply a host whitelist, reject opaque or data URLs, and verify SSL/TLS certificates.
  • Continuously monitor application logs for unexpected outbound requests and configure alerts for suspicious activity.
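
One way to implement the scheme check, host whitelist and private-range blocking recommended above in Go. This is an added example, not GeekAI's code or a vendor fix; `allowedHosts`, `checkURL`, `dialControl`, `newClient` and the host `cdn.example.com` are hypothetical names chosen for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
	"strings"
	"syscall"
	"time"
)

// Hypothetical whitelist: list only the hosts this deployment must download from.
var allowedHosts = map[string]bool{"cdn.example.com": true}

// checkURL enforces scheme, URL form and host whitelist before any request is made.
func checkURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Opaque != "" || u.User != nil {
		return fmt.Errorf("only plain http(s) URLs are accepted")
	}
	if !allowedHosts[strings.ToLower(u.Hostname())] {
		return fmt.Errorf("host %q is not whitelisted", u.Hostname())
	}
	return nil
}

// dialControl runs after DNS resolution, just before connect, so names that resolve inward are refused.
func dialControl(_, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	ip := ap.Addr().Unmap() // treat ::ffff:10.0.0.5 as 10.0.0.5
	if err != nil || !ip.IsGlobalUnicast() || ip.IsPrivate() {
		return fmt.Errorf("blocked destination %s", address)
	}
	return nil
}

// newClient returns a client that re-checks every redirect and every connection.
func newClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: dialControl}
	return &http.Client{
		Timeout:       15 * time.Second, // also bounds redirect chains
		Transport:     &http.Transport{DialContext: d.DialContext},
		CheckRedirect: func(r *http.Request, _ []*http.Request) error { return checkURL(r.URL.String()) },
	}
}

func main() { fmt.Println(checkURL("file:///etc/hostname"), dialControl("tcp", "10.0.0.5:80", nil)) } // constructed inputs, both refused
```

The dial-time check matters because a URL that passes string validation can still resolve or redirect to an internal address; checking the resolved IP at connect time closes that gap.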



Advisories

No advisories yet.

History

Tue, 17 Feb 2026 15:15:00 +0000

Type: Metrics
Values Removed:
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Feb 2026 09:00:00 +0000

Type: First Time appeared
Values Removed:
Values Added: Yangjian102621; Yangjian102621 geekai

Type: Vendors & Products
Values Removed:
Values Added: Yangjian102621; Yangjian102621 geekai

Mon, 16 Feb 2026 14:00:00 +0000

Type: Description
Values Removed:
Values Added: A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Type: Title
Values Removed:
Values Added: GeekAI net_handler.go Download server-side request forgery

Type: Weaknesses
Values Removed:
Values Added: CWE-918

Type: References
Values Removed:
Values Added:

Type: Metrics
Values Removed:
Values Added:
cvssV2_0 {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:11:02.075Z

Reserved: 2026-02-15T17:47:57.860Z

Link: CVE-2026-2558

Vulnrichment

Updated: 2026-02-17T14:59:32.611Z

NVD

Status: Deferred

Published: 2026-02-16T14:16:18.650

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-2558

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T18:00:06Z

Weaknesses