CVE-2026-0560 PoC — LoLLMs Code Issue Vulnerability

Associated Vulnerability
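Title: LoLLMs Code Issue Vulnerability (CVE-2026-0560)
Description: LoLLMs is a large language and multimodal system by the individual developer Saifeddine ALOUI. Versions of lollms prior to 2.2.0 contain a code issue vulnerability: the /api/files/export-content endpoint does not validate user-controlled URLs, which may lead to server-side request forgery attacks.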
Description
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via _download_image_to_temp() in backend/routers/files.py without any validation, allowing an unauthenticated attacker to supply arbitrary URLs (e.g. cloud metadata endpoints or internal services) that the server will fetch, enabling internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
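
One way the missing validation could look, as an added example (not the LoLLMs project's code and not its 2.2.0 fix): each Markdown image URL is resolved, and the download is refused unless the scheme is HTTP(S) and every resolved address is public. The names `check_markdown_images`, `check_image_url`, `is_public_ip`, the injectable `resolver` parameter and the sample input are assumptions made for illustration.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# Markdown image syntax: ![alt](url "optional title")
MD_IMAGE = re.compile(r'!\[[^\]]*\]\(\s*<?([^\s)>]+)')

def resolve_host(host):
    """Default resolver: every address the host name maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public_ip(addr):
    ip = ipaddress.ip_address(addr.split('%')[0])  # drop any IPv6 zone id
    mapped = getattr(ip, 'ipv4_mapped', None)      # ::ffff:a.b.c.d form
    return (mapped or ip).is_global

def check_image_url(url, resolver=resolve_host):
    """Return (allowed, reason) for one URL taken from Markdown."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, 'malformed URL'
    if parts.scheme not in ('http', 'https'):
        return False, 'scheme not allowed'
    if not host:
        return False, 'no host'
    try:
        addrs = resolver(host)
    except (OSError, UnicodeError):
        return False, 'resolution failed'
    if not addrs:
        return False, 'resolution failed'
    # Reject if ANY resolved address is non-public, not just the first.
    bad = sorted(a for a in addrs if not is_public_ip(a))
    if bad:
        return False, 'non-public address ' + ', '.join(bad)
    return True, 'ok'

def check_markdown_images(markdown, resolver=resolve_host):
    """Map each image URL found in the Markdown to its verdict."""
    return {u: check_image_url(u, resolver)
            for u in MD_IMAGE.findall(markdown)}

# Constructed sample input, not taken from the advisory.
SAMPLE = ('![ok](https://cdn.example.test/logo.png) '
          '![meta](http://169.254.169.254/latest/meta-data/) '
          '![ftp](ftp://files.example.test/a.png)')
```

A pre-flight check like this still leaves a gap if the HTTP client resolves the name again or follows redirects, so the fetch should connect to the address that was validated and re-run the check on every redirect hop.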
File Snapshot

    id: CVE-2026-0560
    info:
      name: LolLMS < 2.2.0 - Server-Side Request Forgery
      author: ritikchaddha
    ...