What is the CVSS score of CVE-2026-0560?

CVE-2026-0560 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Lollms are affected by CVE-2026-0560?

An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in LoLLMs versions before 2.2.0 allows attackers to make arbitrary HTTP requests from your server to internal networks and cloud…. A patch is available.

Is there a public PoC exploit available for CVE-2026-0560?

Yes, a public proof-of-concept exploit is available for CVE-2026-0560. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-0560?

Within 24 hours: Identify all instances of LoLLMs running versions prior to 2.2.0 using inventory or endpoint detection tools; prioritize production systems. Within 7 days: Upgrade all affected LoLLMs instances to version 2.2.0 or later (patch available in commit 76a54f0); apply WAF rules to block requests to `/api/files/export-content` endpoint from untrusted networks pending patching. Within 30 days: Conduct network segmentation audit to restrict server egress to internal services; implement API authentication and URL allowlist validation for HTTP request functions; review logs for exploitation attempts against the vulnerable endpoint.

Lollms CVE-2026-0560

EUVD-2026-17037 HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-03-29 security@huntr.dev

SSRF RCE Information Disclosure Lollms

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:11 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

2.2.0

EUVD ID Assigned

Mar 29, 2026 - 18:22 euvd

EUVD-2026-17037

Analysis Generated

Mar 29, 2026 - 18:22 vuln.today

CVE Published

Mar 29, 2026 - 18:16 nvd

HIGH 7.5

DescriptionCVE.org

A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the /api/files/export-content endpoint. The _download_image_to_temp() function in backend/routers/files.py fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.

AnalysisAI

Server-Side Request Forgery (SSRF) in parisneo/lollms versions before 2.2.0 allows unauthenticated remote attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints via the /api/files/export-content endpoint. The vulnerability stems from insufficient URL validation in the _download_image_to_temp() function, enabling internal network reconnaissance, access to cloud instance metadata (AWS/GCP/Azure), and potential remote code execution through server-side exploitation chains. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Craft malicious URL with internal IP address

Delivery

Submit to `/api/files/export-content` endpoint

Exploit

Bypass URL validation in `_download_image_to_temp()`

Execution

Retrieve internal service responses

Impact

Exfiltrate sensitive data or metadata

Access

Craft malicious URL with internal IP address

Delivery

Submit to `/api/files/export-content` endpoint

Exploit

Bypass URL validation in `_download_image_to_temp()`

Execution

Retrieve internal service responses

Impact

Exfiltrate sensitive data or metadata

Vulnerability AssessmentAI

Exploitation	Remote unauthenticated attacker sends crafted URL to `/api/files/export-content` endpoint in parisneo/lollms versions prior to 2.2.0. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	This vulnerability presents significant real-world risk despite moderate CVSS 7.5 scoring. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated attacker crafts a malicious HTTP request to the lollms API endpoint /api/files/export-content, providing a URL parameter pointing to http://169.254.169.254/latest/meta-data/iam/security-credentials/ (AWS metadata service). The vulnerable _download_image_to_temp() function fetches this URL server-side without validation, returning IAM role credentials that the attacker captures and uses to escalate privileges within the cloud environment. …
Remediation	Immediately upgrade to lollms version 2.2.0 or later, which includes commit 76a54f0df2df8a5b254aa627d487b5dc939a0263 that implements proper URL validation in the _download_image_to_temp() function. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all instances of LoLLMs running versions prior to 2.2.0 using inventory or endpoint detection tools; prioritize production systems. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-0560 vulnerability details – vuln.today

Back

Lollms CVE-2026-0560

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code