CVE-2026-0558
The CVE-2026-0558 issue affects parisneo/lollms up to 2.2.0, where the /api/files/extract-text endpoint accepts file uploads without authentication, lacking the Depends(get_current_active_user) check. This exposes unauthenticated users to DoS via resource exhaustion and potential information disc...