Skip to main content

LoLLMs CVE-2026-1114

| EUVDEUVD-2026-19574 CRITICAL
Improper Access Control (CWE-284)
2026-04-07 @huntr_ai GHSA-9296-v3fr-j92j
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

8
Analysis Updated
Apr 28, 2026 - 00:13 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 28, 2026 - 00:07 vuln.today
cvss_changed
Analysis Updated
Apr 16, 2026 - 05:45 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
2.2.0
EUVD ID Assigned
Apr 07, 2026 - 06:45 euvd
EUVD-2026-19574
Analysis Generated
Apr 07, 2026 - 06:45 vuln.today
CVE Published
Apr 07, 2026 - 06:19 nvd
CRITICAL 9.8

DescriptionCVE.org

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the secret key is obtained, the attacker can forge administrative tokens by modifying the JWT payload and resigning it with the cracked secret. This enables unauthorized users to escalate privileges, impersonate the administrator, and gain access to restricted endpoints. The issue is resolved in version 2.2.0.

AnalysisAI

Weak JWT secret key in LoLLMs 2.1.0 enables offline brute-force recovery, allowing remote unauthenticated attackers to forge administrative tokens and bypass authentication completely. Attackers can escalate privileges to administrator, impersonate legitimate users, and access all restricted endpoints without prior authentication. EPSS probability is low (0.04%, 14th percentile) suggesting limited widespread exploitation interest, though a proof-of-concept exists and SSVC classifies the vulnerability as automatable with total technical impact. Fixed in version 2.2.0 via commit a3b2b82b84.

Technical ContextAI

LoLLMs (Large Language Model System by parisneo) is a framework for managing and interacting with large language models. The vulnerability stems from CWE-284 (Improper Access Control) where the application uses a predictable or weak cryptographic secret for signing JSON Web Tokens. JWT tokens rely on HMAC-SHA256 or similar algorithms with a shared secret-if the secret has insufficient entropy or is hardcoded, offline dictionary/brute-force attacks using tools like hashcat or jwt_tool can recover it in minutes to hours. Once the signing key is compromised, an attacker can craft arbitrary JWT payloads (setting admin=true, changing user IDs, extending expiration) and sign them with the recovered secret. The application then trusts these forged tokens as legitimate, granting full administrative access without network-based authentication challenges.

RemediationAI

Upgrade immediately to LoLLMs version 2.2.0 or later, which resolves the weak JWT secret issue per commit a3b2b82b84d537a9da63e63a370a6a8ad55fed34 available at https://github.com/parisneo/lollms/commit/a3b2b82b84d537a9da63e63a370a6a8ad55fed34. The patch replaces the weak secret with a cryptographically secure randomly generated key. For environments where immediate upgrade is not feasible, implement the following compensating controls with noted limitations: (1) Manually regenerate the JWT secret in configuration files using a cryptographically secure random generator (32+ bytes, base64 encoded) and restart the application-this invalidates all existing tokens and requires user re-authentication but does not address the underlying weak default, so validate the new secret meets NIST SP 800-132 guidelines for key derivation; (2) Deploy network segmentation to restrict LoLLMs administrative endpoints to trusted IP ranges only via firewall rules or reverse proxy ACLs-reduces attack surface but does not prevent exploitation by insider threats or compromised trusted networks; (3) Implement additional authentication layers such as mutual TLS or API gateway tokens in front of LoLLMs-adds defense in depth but introduces latency and operational complexity. Note that rotating secrets alone is insufficient if the application redeploys with the same weak default on next restart. Advisory available at https://huntr.com/bounties/608b2a3b-2225-438e-9e61-ffbfdec2ed89.

Share

CVE-2026-1114 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy