2 matches found
CVE-2026-59707
CVE-2026-59707 : LocalAI exposes an unauthenticated SSRF via POST /models/apply. The endpoint forwards unsanitized gallery URL fields to gallery.GetGalleryConfigFromURLWithContext, allowing requests to internal/private/loopback URLs and leaking partial responses in error messages. No exploitation...
Server-Side Request Forgery
Web applications often rely on network requests to query external resources and retrieve data in order to process it. A Server-Side Request Forgery SSRF vulnerability exists when an attacker is able to control these outbound requests and send it to a resource he owns, to the localhost itself, or ...