6 matches found
CVE-2026-0558
The CVE-2026-0558 issue affects parisneo/lollms up to 2.2.0, where the /api/files/extract-text endpoint accepts file uploads without authentication, lacking the Depends(get_current_active_user) check. This exposes unauthenticated users to DoS via resource exhaustion and potential information disc...
CVE-2026-0558 Unauthenticated File Upload in parisneo/lollms
A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...
CVE-2026-0558 Unauthenticated File Upload in parisneo/lollms
A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...
CVE-2026-0558
A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...
LoLLMs 授权问题漏洞
LoLLMs is a large language and multimodal system developed by Saifeddine ALOUI. Versions of LoLLMs 2.2.0 and earlier contained an authorization vulnerability. This vulnerability stemmed from the lack of mandatory authentication for the/api/files/extract-text endpoint, which could lead to...
Unauthenticated File Upload in LollMS
Executive Summary A critical security vulnerability has been identified in LollMS that allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint lacks authentication requirements, contradicting the application's documented "Secure...