CVE-2026-0560
Published: 29 March 2026
Summary
CVE-2026-0560 is a high-severity SSRF (CWE-918) vulnerability in Lollms (parisneo/lollms). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 13.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).
Deeper analysis
A Server-Side Request Forgery vulnerability affects parisneo/lollms versions prior to 2.2.0 in the /api/files/export-content endpoint. The _download_image_to_temp function in backend/routers/files.py does not validate user-supplied URLs, permitting arbitrary outbound HTTP requests to internal services or cloud metadata endpoints. The flaw is tracked as CWE-918 and carries a CVSS 3.1 score of 7.5.
An unauthenticated remote attacker can supply a crafted URL to the endpoint and reach otherwise inaccessible internal hosts, retrieve cloud instance metadata, disclose sensitive information, perform port scans, or in some cases chain the access into remote code execution.
The referenced commit 76a54f0df2df8a5b254aa627d487b5dc939a0263 in the parisneo/lollms repository addresses the issue by adding URL validation. The associated huntr report provides additional technical detail on the affected code path.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-17037
Vulnerability details
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
CWE(s)
- CWE-918 (Server-Side Request Forgery)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An SSRF in a public-facing web API endpoint directly enables T1190 (Exploit Public-Facing Application); it also facilitates T1552.005 (Cloud Instance Metadata API) via cloud metadata access and T1046 (Network Service Discovery) via port scanning and internal host discovery.
Mitigating Controls (NIST 800-53 r5)
- URL validation: directly mitigates the SSRF by requiring validation of user-controlled URLs in the `_download_image_to_temp()` function, so that internal or metadata endpoints are never contacted.
- SC-7 (Boundary Protection): controls outbound communications from the server, blocking unauthorized requests to internal services and cloud metadata endpoints exploited via SSRF.
- AC-4 (Information Flow Enforcement): enforces information-flow policies that restrict server-initiated HTTP requests to approved destinations only, preventing SSRF access to internal network resources.
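The "Deeper analysis" section and the controls above both come down to one fix: the server must validate a user-supplied URL before fetching it. The following Python is an added example of what that validation looks like; it is not code from parisneo/lollms and does not reproduce the referenced commit. All function names (`validate_outbound_url`, `check`, `download_image_to_temp`), the allowed-port policy, the size cap and the `_FAKE_DNS` table are assumptions constructed for the illustration. The check rejects non-HTTP schemes, embedded credentials and unusual ports, resolves the host once, refuses any answer that is private, loopback, link-local (where cloud metadata services answer), multicast, reserved or unspecified (unwrapping IPv4-mapped IPv6 first), and returns the checked address so the caller can pin it; the download helper additionally refuses redirects, which would otherwise route around a one-time check.

```python
from __future__ import annotations

import ipaddress
import socket
import tempfile
import urllib.request
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # policy values assumed for this example
ALLOWED_PORTS = {80, 443}
MAX_BYTES = 20 * 1024 * 1024


class UnsafeURL(ValueError):
    """Raised when the server must not fetch the given URL."""


def _is_public(ip: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """Reject every address class an SSRF is used to reach from the server side."""
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (
        ip.is_private        # RFC 1918 ranges and IPv6 ULA fc00::/7
        or ip.is_loopback
        or ip.is_link_local  # 169.254.0.0/16, where cloud instance metadata services answer
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
    )


def validate_outbound_url(url: str, resolve=socket.getaddrinfo) -> tuple[str, str]:
    """Return (host, pinned_ip) if the server may fetch `url`, else raise UnsafeURL.

    `resolve` has the signature of socket.getaddrinfo and is injectable so the
    check can be exercised without DNS; the default resolves for real.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise UnsafeURL("credentials in the URL are not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeURL("missing host")
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError as exc:
        raise UnsafeURL("invalid port") from exc
    if port not in ALLOWED_PORTS:
        raise UnsafeURL(f"port not allowed: {port}")
    # IP literals need no lookup; hostnames are resolved once here and the answer
    # is returned so the caller connects to the checked address, not a fresh lookup.
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            infos = resolve(host, port, 0, socket.SOCK_STREAM)
        except OSError as exc:
            raise UnsafeURL(f"cannot resolve {host!r}") from exc
        addrs = [ipaddress.ip_address(info[4][0]) for info in infos]
    if not addrs:
        raise UnsafeURL(f"no addresses for {host!r}")
    # Every answer must be public: a record set mixing a public and an internal
    # address is how a rotating or rebinding DNS name slips past a first-answer check.
    for ip in addrs:
        if not _is_public(ip):
            raise UnsafeURL(f"{host!r} resolves to non-public address {ip}")
    return host, str(addrs[0])


def check(url: str, resolve=socket.getaddrinfo) -> str:
    """String verdict for logs or tests: 'allowed' or 'blocked: <reason>'."""
    try:
        validate_outbound_url(url, resolve)
        return "allowed"
    except UnsafeURL as exc:
        return f"blocked: {exc}"


class _RefuseRedirects(urllib.request.HTTPRedirectHandler):
    """A redirect from a public host to an internal one would bypass a one-time
    check, so redirects are refused; each hop must be validated and fetched explicitly."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        raise UnsafeURL(f"redirect to {newurl!r} refused")


def download_image_to_temp(url: str, resolve=socket.getaddrinfo) -> str:
    """Hardened shape of an image-download helper (assumed name, not the project's):
    validate first, then fetch with redirects refused, a timeout and a size cap.
    urllib resolves the name again at connect time; closing that window fully means
    connecting to the pinned address, which this illustration leaves out."""
    validate_outbound_url(url, resolve)
    opener = urllib.request.build_opener(_RefuseRedirects)
    with opener.open(url, timeout=10) as resp:
        ctype = resp.headers.get_content_type()
        if not ctype.startswith("image/"):
            raise UnsafeURL(f"not an image: {ctype}")
        data = resp.read(MAX_BYTES + 1)
    if len(data) > MAX_BYTES:
        raise UnsafeURL("image exceeds size limit")
    with tempfile.NamedTemporaryFile("wb", suffix=".img", delete=False) as tmp:
        tmp.write(data)
        return tmp.name


# Constructed stand-in for DNS so the checks run offline; these are not real records.
_FAKE_DNS = {
    "img.example.com": ["93.184.216.34"],
    "metadata.example.internal": ["169.254.169.254"],
    "mixed.example.com": ["93.184.216.34", "10.0.0.5"],
}


def example_resolver(host, port, family=0, socktype=0):
    """getaddrinfo-shaped lookup against the constructed table above."""
    if host not in _FAKE_DNS:
        raise OSError(f"unknown host {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, port)) for a in _FAKE_DNS[host]]
```

`check("http://mixed.example.com/a.png", example_resolver)` is blocked even though the first answer is public, and `check("http://[::ffff:127.0.0.1]/x")` is blocked because the mapped address unwraps to loopback; an allow-list of approved destinations (the AC-4 approach) is stricter still and is the right choice when the set of image sources is known.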