Cyber Resilience

CVE-2026-0558

Critical · Public PoC

Published: 29 March 2026

Published: 29 March 2026
Modified: 31 March 2026
KEV Added:
Patch:
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0043 (34.3rd percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-0558 is a critical-severity Improper Authentication (CWE-287) vulnerability in Lollms Lollms. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 34.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-0558 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) in the parisneo/lollms software, affecting versions up to and including 2.2.0. The issue stems from the `/api/files/extract-text` endpoint, which permits unauthenticated users to upload and process files because, unlike the other file-related endpoints, it does not enforce authentication: the route handler lacks the `Depends(get_current_active_user)` dependency, resulting in improper authentication (CWE-287).

Any unauthenticated attacker with network access can exploit this endpoint to upload and process arbitrary files. Successful exploitation can result in denial of service through resource exhaustion, information disclosure by extracting text from sensitive files, and violation of the application's documented security policies, potentially compromising confidentiality, integrity, and availability.

Mitigation details are provided in the project's GitHub commit at https://github.com/parisneo/lollms/commit/a6625dc83786ff21d109b0d545ca61b770607ef3 and the Huntr bounty report at https://huntr.com/bounties/0a722001-89ce-4c91-b6a6-a55ee5ba2113. Security practitioners should review these resources for patch implementation and upgrade to a fixed version beyond 2.2.0.
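The root cause described above is a single route handler missing the authentication dependency that its sibling routes declare. One defensive check a practitioner can run against a FastAPI code base is a static audit that flags route handlers lacking that dependency. The script below is an added illustration, not code from the lollms project, the advisory or the linked commit; it uses only the Python standard library `ast` module, and the sample source it scans is constructed here (the handler names, the `/upload`, `/list` and `/health` paths, and the `/health` allowlist are assumptions, chosen to mirror the pattern the advisory describes: several file endpoints declare `Depends(get_current_active_user)`, one does not).

```python
"""Audit FastAPI-style route handlers for a missing authentication dependency.

Added example (not lollms project code). It parses Python source with the
standard-library `ast` module and reports route handlers whose parameters do
not include `Depends(get_current_active_user)`.
"""
import ast
from dataclasses import dataclass

AUTH_DEPENDENCY = "get_current_active_user"   # dependency name used by the advisory
ROUTE_METHODS = {"get", "post", "put", "patch", "delete"}

# Constructed sample module: hypothetical handlers, not the real lollms code.
# It is only parsed, never executed, so the undefined names are harmless.
SAMPLE_SOURCE = '''
from fastapi import APIRouter, Depends, UploadFile

router = APIRouter(prefix="/api/files")

@router.post("/upload")
async def upload(file: UploadFile, user=Depends(get_current_active_user)):
    return {"ok": True}

@router.post("/extract-text")
async def extract_text(file: UploadFile):
    return {"text": "..."}

@router.get("/list")
def list_files(user: User = Depends(get_current_active_user)):
    return []

@router.get("/health")
def health():
    return {"status": "up"}
'''


@dataclass
class Finding:
    function: str
    method: str
    path: str      # path as written in the decorator; APIRouter prefixes are not resolved
    line: int


def _route_decorators(func):
    """Yield (METHOD, path) for decorators shaped like @something.post("/path")."""
    for dec in func.decorator_list:
        if not isinstance(dec, ast.Call) or not isinstance(dec.func, ast.Attribute):
            continue
        method = dec.func.attr.lower()
        if method not in ROUTE_METHODS or not dec.args:
            continue
        first = dec.args[0]
        if isinstance(first, ast.Constant) and isinstance(first.value, str):
            yield method.upper(), first.value


def _has_auth_dependency(func, dep_name=AUTH_DEPENDENCY):
    """True if any parameter default is Depends(<dep_name>)."""
    args = func.args
    # kw_defaults may contain None for keyword-only parameters without defaults
    defaults = list(args.defaults) + list(args.kw_defaults)
    for d in defaults:
        if (isinstance(d, ast.Call) and isinstance(d.func, ast.Name)
                and d.func.id == "Depends" and d.args
                and isinstance(d.args[0], ast.Name)
                and d.args[0].id == dep_name):
            return True
    return False


def find_unauthenticated_routes(source, allowlist=(), dep_name=AUTH_DEPENDENCY):
    """Return routes lacking the auth dependency, except explicitly allowlisted paths."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for method, path in _route_decorators(node):
            if path in allowlist:
                continue
            if not _has_auth_dependency(node, dep_name):
                findings.append(Finding(node.name, method, path, node.lineno))
    return findings


if __name__ == "__main__":
    # Only /extract-text is reported: /health is allowlisted as intentionally public.
    for f in find_unauthenticated_routes(SAMPLE_SOURCE, allowlist=("/health",)):
        print(f"{f.method} {f.path} ({f.function}, line {f.line}) lacks {AUTH_DEPENDENCY}")
```

The allowlist exists because some endpoints are legitimately unauthenticated (health checks, login); making the exceptions explicit is the point, so that a route like `/extract-text` cannot silently join them. The check matches only the direct `Depends(get_current_active_user)` form and does not follow router-level `dependencies=[...]` or `APIRouter` prefixes, so treat a clean run as a first pass, not proof of coverage.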

Vulnerability details

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the `/api/files/extract-text` endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the `Depends(get_current_active_user)` dependency. This issue can lead to denial of service (DoS) through resource exhaustion, information disclosure, and violation of the application's documented security policies.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Unauthenticated file upload and processing through a public-facing API endpoint directly enables exploitation of a public-facing application (T1190), ingress tool transfer (T1105), and application-level denial of service through resource exhaustion (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-0562 (same product: Lollms Lollms)
CVE-2026-0560 (same product: Lollms Lollms)
CVE-2024-9920 (same vendor: Lollms)
CVE-2024-8898 (same vendor: Lollms)
CVE-2025-1451 (same vendor: Lollms)
CVE-2026-33340 (same vendor: Lollms)
CVE-2024-11322 (shared CWE-287)
CVE-2025-64055 (shared CWE-287)
CVE-2025-1044 (shared CWE-287)
CVE-2026-1740 (shared CWE-287)

Affected Assets

lollms / lollms / ≤ 2.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

AC-14 (Permitted Actions Without Identification or Authentication) · prevent

Directly requires identification and restriction of actions performable without authentication, preventing unauthenticated access to the /api/files/extract-text endpoint.

AC-3 (Access Enforcement) · prevent

Mandates enforcement of approved authorizations for access to system resources, ensuring the endpoint requires authentication like other file-related endpoints.

prevent

Enforces least privilege by authorizing access to file upload and processing only to explicitly approved users, mitigating unauthorized exploitation.

References