How to fix CVE-2026-0560?

Within 24 hours: identify all instances of parisneo/lollms and document current deployed versions. Within 7 days: upgrade all parisneo/lollms deployments to version 2.2.0 or later (commit 76a54f0 and beyond). Within 30 days: conduct cloud metadata access logs audit (CloudTrail for AWS, Cloud Audit Logs for GCP, Activity Log for Azure) for unauthorized metadata service requests; review network logs for suspicious traffic to internal services via the `/api/files/export-content` endpoint.

CVE-2026-0560

EUVD-2026-17037 HIGH

2026-03-29 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 29, 2026 - 18:22 euvd

EUVD-2026-17037

Analysis Generated

Mar 29, 2026 - 18:22 vuln.today

CVE Published

Mar 29, 2026 - 18:16 nvd

HIGH 7.5

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.

Analysis

Server-Side Request Forgery (SSRF) in parisneo/lollms versions before 2.2.0 allows unauthenticated remote attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints via the `/api/files/export-content` endpoint. The vulnerability stems from insufficient URL validation in the `_download_image_to_temp()` function, enabling internal network reconnaissance, access to cloud instance metadata (AWS/GCP/Azure), and potential remote code execution through server-side exploitation chains. …

Remediation

Within 24 hours: identify all instances of parisneo/lollms and document current deployed versions. Within 7 days: upgrade all parisneo/lollms deployments to version 2.2.0 or later (commit 76a54f0 and beyond). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

CVE-2026-0560 vulnerability details – vuln.today

Back

CVE-2026-0560

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-0560

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code