CVE-2026-0560
Published: 29 March 2026
Summary
CVE-2026-0560 is a high-severity SSRF (CWE-918) vulnerability in Lollms (vendor) Lollms (product), i.e. parisneo/lollms. Its CVSS base score is 7.5 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 13.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the SSRF by requiring validation of user-controlled URLs in the _download_image_to_temp() function to prevent processing of malicious internal or metadata endpoints.
SC-7 (Boundary Protection): controls outbound communications from the server, blocking unauthorized requests to internal services and cloud metadata endpoints exploited via SSRF.
AC-4 (Information Flow Enforcement): enforces information flow policies that restrict server-initiated HTTP requests to approved destinations only, preventing SSRF access to internal network resources.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An SSRF in a public-facing web API endpoint directly enables T1190 (Exploit Public-Facing Application); it also facilitates T1552.005 (Cloud Instance Metadata API) through access to cloud metadata endpoints and T1046 (Network Service Discovery) through port scanning and internal discovery.
NVD Description
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
Deeper analysis
CVE-2026-0560 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting parisneo/lollms versions prior to 2.2.0. The issue resides in the `/api/files/export-content` endpoint, where the `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs. This allows attackers to force the server to initiate arbitrary HTTP requests to internal services and cloud metadata endpoints. Published on 2026-03-29, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Unauthenticated remote attackers can exploit this vulnerability by supplying malicious URLs via the affected endpoint. Successful exploitation enables access to internal network resources, cloud metadata endpoints, information disclosure, port scanning, and potentially remote code execution, with a primary impact on confidentiality.
The fix is contained in GitHub commit https://github.com/parisneo/lollms/commit/76a54f0df2df8a5b254aa627d487b5dc939a0263; users should apply it by upgrading to version 2.2.0 or later. Further details on the vulnerability discovery and bounty are available at https://huntr.com/bounties/65e43a5e-b902-4369-b738-1825285a3ea5.
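As an added example that is neither the lollms project's code nor the patch in the commit above, the following shows the kind of destination check the Mitigating Controls section describes for a server-side fetch such as `_download_image_to_temp()`: the URL scheme is restricted, and every address the host resolves to is checked against loopback, private, link-local (which covers the cloud metadata range), and IPv4-mapped IPv6 networks before any request is made. The function names, the `resolver` hook, and the constructed hostnames and addresses are assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Destinations a server-side fetcher must never reach: loopback, RFC 1918,
# link-local (covers the 169.254.169.254 cloud metadata address), CGNAT,
# "this network", and the IPv6 equivalents plus IPv4-mapped IPv6 addresses.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8", "100.64.0.0/10",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


def _system_resolver(host):
    """Hypothetical default resolver: all A/AAAA addresses for a hostname."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def validate_outbound_url(url, resolver=_system_resolver):
    """Return (scheme, host, ip) for a URL the server may fetch, else raise ValueError.

    Every address the host resolves to must be public. The caller should connect
    to the returned ip rather than re-resolving, so a DNS rebinding between the
    check and the fetch cannot steer the request to an internal address.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("missing host or embedded credentials")
    try:  # literal IP in the URL: check it directly, no DNS involved
        addrs = [ipaddress.ip_address(parts.hostname)]
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    if not addrs:
        raise ValueError("host did not resolve")
    for addr in addrs:
        if addr.is_multicast or any(addr in net for net in BLOCKED_NETWORKS):
            raise ValueError(f"destination not allowed: {addr}")
    return parts.scheme, parts.hostname, str(addrs[0])


def is_allowed_url(url, resolver=_system_resolver):
    """Boolean wrapper: True when validate_outbound_url accepts the URL."""
    try:
        validate_outbound_url(url, resolver)
        return True
    except ValueError:
        return False
```

A host that resolves to a mix of public and internal addresses is rejected outright, since an attacker-controlled DNS record can otherwise pass the check on one answer and hit the internal target on another.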
Details
- CWE(s)