Skip to main content

Parisneo Lollms CVE-2026-1116

| EUVDEUVD-2026-21692 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-04-12 @huntr_ai
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

10
Severity Changed
Apr 17, 2026 - 16:22 NVD
HIGH MEDIUM
CVSS changed
Apr 17, 2026 - 16:22 NVD
8.2 (HIGH) 6.1 (MEDIUM)
Patch released
Apr 17, 2026 - 16:18 nvd
Patch available
Analysis Updated
Apr 16, 2026 - 05:57 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
2.2.0
Analysis Generated
Apr 12, 2026 - 02:49 vuln.today
EUVD ID Assigned
Apr 12, 2026 - 02:45 euvd
EUVD-2026-21692
Analysis Generated
Apr 12, 2026 - 02:45 vuln.today
CVE Published
Apr 12, 2026 - 02:22 nvd
MEDIUM 6.1

DescriptionCVE.org

A Cross-site Scripting (XSS) vulnerability was identified in the from_dict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows an attacker to inject malicious HTML or JavaScript payloads, which can be executed in the context of another user's browser. Exploitation of this vulnerability can lead to account takeover, session hijacking, or wormable attacks.

AnalysisAI

Cross-site scripting in parisneo/lollms prior to version 2.2.0 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim browsers via malicious HTML payloads injected through the unsanitized content field in the AppLollmsMessage.from_dict deserialization method. The changed scope (CVSS S:C) indicates impact beyond the vulnerable component, enabling session hijacking, account takeover, and potentially wormable attacks. Publicly available exploit code exists (reported v

Technical ContextAI

The vulnerability exists in parisneo/lollms, a large language model framework. The affected component is the from_dict method within the AppLollmsMessage class, which deserializes user-provided dictionary data into message objects. CWE-79 identifies this as an improper neutralization of input during web page generation - the classic stored or reflected XSS root cause. When the content field is deserialized from untrusted sources (likely API endpoints accepting JSON/dict payloads), no HTML entity encoding or sanitization occurs before the content is rendered in a web context. CPE cpe:2.3:a:parisneo:parisneo/lollms identifies the affected product as the parisneo/lollms application framework across all versions prior to the fix. The CVSS vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C indicates network-accessible exploitation with no privileges required, low complexity, but requiring user interaction (likely viewing a malicious message), with scope change suggesting the JavaScript executes in a different security context than the vulnerable component itself.

RemediationAI

Upgrade parisneo/lollms to version 2.2.0 or later, which includes the fix committed in https://github.com/parisneo/lollms/commit/9767b882dbc893c388a286856beeaead69b8292a that implements proper HTML encoding or sanitization of the content field during deserialization. Organizations unable to immediately upgrade should implement compensating controls including strict Content Security Policy (CSP) headers to mitigate JavaScript execution, input validation to reject HTML/JavaScript syntax in message content fields, and output encoding at render time using framework-native escaping functions. Review application logs for suspicious message payloads containing script tags, event handlers, or JavaScript protocols. Conduct security testing of all endpoints accepting message dictionary data to confirm exploitation paths are closed. For detailed technical context and proof-of-concept details, consult the huntr.com disclosure at https://huntr.com/bounties/d3d076a7-2a51-4e07-8d0e-91e28e76788e. Downstream applications using lollms as a dependency must update their dependency manifests and rebuild to incorporate the patched library version.

Share

CVE-2026-1116 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy