CVE-2026-0558 in parisneo lollms
Summary (English)
A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the `/api/files/extract-text` endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the `Depends(get_current_active_user)` dependency. This issue can lead to denial of service (DoS) through resource exhaustion, information disclosure, and violation of the application's documented security policies.
Responsible
@huntr_ai
Reserved
2026. 01. 01.
Disclosed
2026. 03. 30.
Entries
| ID | Vulnerability | CWE | Base | Temp | 0day | Today | Exploit | KEV | EPSS | CTI | Countermeasure | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354134 | parisneo lollms Endpoint extract-text get_current_active_user weak authentication | 287 | 7.4 | 7.2 | $0-$5k | $0-$5k | Not defined | | 0.00000 | 3.58 | Official fix | CVE-2026-0558 |