
CVE-2026-0560 PoC — Server-Side Request Forgery (SSRF) in parisneo/lollms

Associated Vulnerability
Title: Server-Side Request Forgery (SSRF) in parisneo/lollms (CVE-2026-0560)
Description: A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
Description
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via _download_image_to_temp() in backend/routers/files.py without any validation, allowing an unauthenticated attacker to supply arbitrary URLs (e.g. cloud metadata endpoints or internal services) that the server will fetch, enabling internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
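The root cause described above is a server-side fetch of a user-supplied URL with no check on where it points. The following is an added example of the kind of pre-fetch validation that closes that class of bug; it is not code from lollms and not the project's 2.2.0 fix. The function name `check_image_url`, the injectable `resolve` parameter, and the sample addresses are all assumptions made for this illustration.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical helper (not lollms code): decide whether a Markdown image URL
# may be fetched server-side. It rejects the targets SSRF typically reaches,
# i.e. loopback, RFC 1918 / link-local ranges (which include the 169.254.x.x
# cloud metadata address), multicast, reserved and unspecified addresses.
ALLOWED_SCHEMES = {"http", "https"}


def _default_resolve(host):
    # Collect every address the host maps to; a name that resolves to both a
    # public and an internal address must be rejected as a whole.
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _address_is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_image_url(url, resolve=_default_resolve):
    """Return (ok, reason) for a URL the server is about to download.

    Only the parsed URL and its resolved addresses are inspected. The caller
    must also disable redirect following, or re-run this check on every
    Location header, because a public host can redirect to an internal one.
    The `resolve` parameter exists so the check can be exercised without DNS.
    """
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    if parsed.username or parsed.password:
        return False, "credentials in URL"
    try:
        addrs = resolve(host)
    except (socket.gaierror, ValueError):
        return False, "unresolvable host"
    if not addrs:
        return False, "unresolvable host"
    for addr in addrs:
        try:
            if _address_is_internal(addr):
                return False, f"resolves to internal address {addr}"
        except ValueError:
            return False, f"unparseable address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed resolver so the demo runs offline; the mapping is made up.
    fake_dns = {"cdn.example.com": {"93.184.216.34"},
                "dual.example": {"93.184.216.34", "10.0.0.5"}}
    resolver = lambda h: fake_dns.get(h, {h})
    for u in ("https://cdn.example.com/a.png",
              "http://169.254.169.254/latest/meta-data/",
              "http://dual.example/a.png",
              "file:///etc/hostname"):
        print(u, "->", check_image_url(u, resolve=resolver))
```

The check runs before the fetch, on the addresses actually resolved rather than on the hostname string, so `localhost`, decimal or IPv6-mapped spellings of an internal address, and names that resolve to a mix of public and private records are all treated the same way. Redirect handling and DNS rebinding (a second lookup at connect time returning a different address) are outside what a pre-fetch check can cover and need to be handled by the HTTP client itself.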
File Snapshot

id: CVE-2026-0560
info:
  name: LolLMS < 2.2.0 - Server-Side Request Forgery
  author: ritikchaddha
  ...