Description
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled values — specifically title (sourced from research.title or research.query) and metadata key-value pairs — directly into an f-string without any HTML escaping. An authenticated attacker can craft a research query containing HTML special characters to inject arbitrary HTML tags into the document processed by WeasyPrint during PDF export. This injection can be chained to trigger a Server-Side Request Forgery (SSRF), bypassing the application's existing SSRF defenses in ssrf_validator.py. This vulnerability is fixed in 1.6.0.
Published: 2026-05-28
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when the PDFService._markdown_to_html() function builds an HTML document by inserting user-controlled values, such as the research title or metadata key‑value pairs, directly into an f‑string without escaping. This permits an authenticated attacker to inject arbitrary HTML tags into the PDF export, which WeasyPrint processes. The injected HTML can be chained to trigger a Server‑Side Request Forgery (SSRF) that bypasses the application’s ssrf_validator guard, potentially allowing the attacker to access internal network resources or pull sensitive data from internal services.

Affected Systems

The affected product is LearningCircuit’s Local‑Deep‑Research application. Versions earlier than 1.6.0 are vulnerable. Only users with authenticated access to construct research queries are impacted; unauthenticated users cannot exploit the flaw.

Risk and Exploitability

The CVSS score of 5 indicates a moderate severity. The EPSS score is not available, suggesting that the likelihood of exploitation is unknown or low, and the vulnerability is not currently listed in CISA’s KEV catalog. Exploitation requires authenticated access and depends on the application allowing arbitrary HTML in research queries. Successful exploitation would enable SSRF and potentially internal data exfiltration, but does not provide direct remote code execution.

Generated by OpenCVE AI on May 28, 2026 at 20:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Local‑Deep‑Research to version 1.6.0 or later, where the PDF export routine properly escapes user input.
  • If an upgrade is not immediately possible, sanitize or escape all user‑controlled fields (query, title, metadata) before they are embedded into the HTML document.
  • Enforce strict validation in ssrf_validator to reject outbound requests originating from injected content, and consider restricting the allowed tags in user-submitted queries to safe subsets.

Generated by OpenCVE AI on May 28, 2026 at 20:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-fj2m-qvh9-jq4q local-deep-research is Vulnerable to HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
History

Thu, 28 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Learningcircuit
Learningcircuit local Deep Research
Vendors & Products Learningcircuit
Learningcircuit local Deep Research

Thu, 28 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 28 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled values — specifically title (sourced from research.title or research.query) and metadata key-value pairs — directly into an f-string without any HTML escaping. An authenticated attacker can craft a research query containing HTML special characters to inject arbitrary HTML tags into the document processed by WeasyPrint during PDF export. This injection can be chained to trigger a Server-Side Request Forgery (SSRF), bypassing the application's existing SSRF defenses in ssrf_validator.py. This vulnerability is fixed in 1.6.0.
Title Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
Weaknesses CWE-79
CWE-918
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N'}

Subscriptions

Learningcircuit Local Deep Research
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-28T19:33:58.899Z

Reserved: 2026-05-04T20:24:31.916Z

Link: CVE-2026-43979

cve-icon Vulnrichment

Updated: 2026-05-28T19:33:52.112Z

cve-icon NVD

Status : Received

Published: 2026-05-28T19:16:38.067

Modified: 2026-05-28T20:16:23.927

Link: CVE-2026-43979

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T20:30:25Z

Weaknesses