cvebase
CVE-2026-0560
published 2026-03-29


Priority: P2 · 67
Severity: high 7.5 (CVSS 3.1)
Vector: AV:N AC:L PR:N UI:N S:U C:H I:N A:N
Exploit likelihood (EPSS): 1.76%, percentile 75.3
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.

Affected (2 ranges)

Vendor   | Product         | Version range           | Fixed in
lollms   | lollms          | <= 2.1.0                |
parisneo | parisneo_lollms | >= unspecified, < 2.2.0 | 2.2.0

Detection & IOCs (extracted from sources)

url: /api/files/export-content
path: backend/routers/files.py
sigma:
POST /api/files/export-content HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json

{"markdown_text":"# SSRF Test\n\n\n","output_format":"docx"}
  • Detect SSRF exploitation attempts by monitoring POST requests to /api/files/export-content containing Markdown image syntax (![...](...)) with internal/metadata URLs (e.g., 169.254.169.254, 127.0.0.1, 10.x.x.x) in the 'markdown_text' field.
  • The vulnerability is exploitable without authentication; monitor all POST requests to /api/files/export-content regardless of session/auth headers.
  • Use out-of-band (OAST/interactsh) detection: if the LolLMS server initiates outbound HTTP requests to an attacker-controlled domain shortly after receiving a POST to /api/files/export-content, this confirms SSRF exploitation.
  • Fingerprint vulnerable LolLMS instances by checking for the string 'LolLMS' in the HTTP response body of the root path (GET /) before probing the SSRF endpoint.
  • Patch reference commit for diff-based detection of the fix: github.com/parisneo/lollms/commit/76a54f0df2df8a5b254aa627d487b5dc939a0263 — compare _download_image_to_temp() before and after to identify the added URL validation logic.
  • The vulnerability affects parisneo/lollms versions strictly prior to 2.2.0; instances running 2.2.0 or later are not affected.
  • The Nuclei template requires a two-step flow: first confirm the target is a LolLMS instance (GET / body contains 'LolLMS'), then trigger the SSRF probe. Single-step scanners may produce false negatives.
  • The Nuclei template is marked 'verified: false', meaning it has not been confirmed against a live vulnerable instance and may require tuning.
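One way to implement the first detection note above, and the kind of URL validation the fix commit is described as adding, as an added example that is not the project's code: it extracts Markdown image URLs from an export-content request body and flags any whose host is a blocked name or a non-globally-routable address. The function names, sample bodies and the fake DNS resolver are constructed; only the request-body field names come from the Nuclei request quoted above.

```python
# Added example (not parisneo/lollms code): flag Markdown image URLs in an export-content
# body that point at internal targets. Only the body shape comes from the template above.
import ipaddress
import json
import re
from urllib.parse import urlparse

# Markdown image syntax: ![alt](url "title") or ![alt](<url>)
IMAGE_URL_RE = re.compile(r"!\[[^\]]*\]\(\s*<?([^\s)>]+)")
# Names that reach loopback/metadata services without an IP literal
BLOCKED_HOSTS = {"localhost", "metadata.google.internal", "metadata"}

def is_internal_target(url, resolve=None):
    """True if a server should never fetch url: non-http(s) scheme, blocked hostname,
    or an address that is not globally routable (loopback, RFC 1918, link-local such as
    169.254.169.254). resolve(host) -> list of IP strings; use real DNS in production."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return True
    host = parsed.hostname.lower().rstrip(".")
    if host in BLOCKED_HOSTS:
        return True
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:  # a DNS name rather than an IP literal
        if resolve is None:
            return False  # cannot judge a name without resolving it
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    return any(not a.is_global for a in addrs)

def flag_export_request(body, resolve=None):
    """Image URLs in one /api/files/export-content JSON body that target internal
    addresses; an empty list means nothing suspicious."""
    try:
        text = json.loads(body).get("markdown_text", "")
    except (ValueError, AttributeError):
        return []
    return [u for u in IMAGE_URL_RE.findall(text) if is_internal_target(u, resolve)]

# Constructed sample bodies, not real captures
SAMPLE_BODIES = {
    "metadata": '{"markdown_text":"# SSRF Test\\n\\n![a](http://169.254.169.254/)","output_format":"docx"}',
    "loopback_v6": '{"markdown_text":"![a](http://[::1]:8080/status)","output_format":"docx"}',
    "dns_name": '{"markdown_text":"![a](http://db.internal.example/x.png)","output_format":"docx"}',
    "benign": '{"markdown_text":"![logo](https://example.com/logo.png)","output_format":"docx"}',
}

def fake_resolver(host):
    """Offline stand-in for DNS: one constructed internal name, anything else public."""
    return {"db.internal.example": ["10.0.0.5"]}.get(host, ["1.2.3.4"])
```

Without a resolver, DNS names pass unflagged, so a monitoring rule built on this should resolve names (or log them for review) rather than trust the literal-address check alone.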

CVSS provenance

NVD, CVSS v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD, CVSS v3.0: 7.5 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N