CVE-2024-48057: n/a
localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.
AI Analysis
Technical Summary
CVE-2024-48057 identifies a Cross Site Scripting (XSS) vulnerability in localai versions up to 2.20.1. The vulnerability arises from insufficient input validation in the delete model API endpoint, which accepts parameters that can be manipulated to inject malicious JavaScript code. This injected code is stored temporarily (one-time storage XSS) and executed when a user visits the homepage, leading to potential session hijacking, credential theft, or unauthorized actions performed in the context of the victim’s browser session. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-352 (Cross-Site Request Forgery), indicating that the flaw also involves inadequate request validation that could be exploited via crafted requests. The CVSS v3.1 score is 6.1 (medium severity), reflecting that the attack vector is network-based with low attack complexity and no privileges required, but user interaction is necessary to trigger the payload. The scope is changed (S:C), meaning the vulnerability affects components beyond the initially vulnerable component, impacting confidentiality and integrity but not availability. No patches or exploits are currently documented, but the vulnerability poses a risk to any deployment of localai that exposes the vulnerable API and homepage to users.
Potential Impact
The primary impact of CVE-2024-48057 is on the confidentiality and integrity of user data and sessions. Successful exploitation can lead to theft of authentication tokens, unauthorized actions performed on behalf of users, and potential spread of malicious scripts within an organization’s user base. This can result in compromised user accounts, data leakage, and erosion of trust in the affected application. Since localai is used for managing AI models, attackers could potentially manipulate or disrupt AI workflows indirectly by compromising user sessions. The vulnerability does not impact system availability directly but can facilitate further attacks that degrade service or cause reputational damage. Organizations worldwide using localai, especially those with exposed web interfaces, face increased risk of targeted attacks leveraging this XSS flaw.
Mitigation Recommendations
To mitigate CVE-2024-48057, organizations should immediately update localai to a version that patches this vulnerability once available. Until a patch is released, implement strict input validation and sanitization on the delete model API parameters to prevent injection of malicious scripts. Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts on the homepage. Use HTTP-only and secure cookies to protect session tokens from theft via XSS. Monitor web application logs for suspicious requests targeting the delete model API and homepage. Educate users to recognize and avoid suspicious links or actions that could trigger the XSS payload. Additionally, consider isolating the localai management interface behind VPNs or internal networks to reduce exposure. Conduct regular security assessments focusing on web input handling and session management.
Affected Countries
United States, Germany, United Kingdom, Canada, France, Japan, South Korea, Australia, Netherlands, India
CVE-2024-48057: n/a
Description
localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-48057 identifies a Cross Site Scripting (XSS) vulnerability in localai versions up to 2.20.1. The vulnerability arises from insufficient input validation in the delete model API endpoint, which accepts parameters that can be manipulated to inject malicious JavaScript code. This injected code is stored temporarily (one-time storage XSS) and executed when a user visits the homepage, leading to potential session hijacking, credential theft, or unauthorized actions performed in the context of the victim’s browser session. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-352 (Cross-Site Request Forgery), indicating that the flaw also involves inadequate request validation that could be exploited via crafted requests. The CVSS v3.1 score is 6.1 (medium severity), reflecting that the attack vector is network-based with low attack complexity and no privileges required, but user interaction is necessary to trigger the payload. The scope is changed (S:C), meaning the vulnerability affects components beyond the initially vulnerable component, impacting confidentiality and integrity but not availability. No patches or exploits are currently documented, but the vulnerability poses a risk to any deployment of localai that exposes the vulnerable API and homepage to users.
Potential Impact
The primary impact of CVE-2024-48057 is on the confidentiality and integrity of user data and sessions. Successful exploitation can lead to theft of authentication tokens, unauthorized actions performed on behalf of users, and potential spread of malicious scripts within an organization’s user base. This can result in compromised user accounts, data leakage, and erosion of trust in the affected application. Since localai is used for managing AI models, attackers could potentially manipulate or disrupt AI workflows indirectly by compromising user sessions. The vulnerability does not impact system availability directly but can facilitate further attacks that degrade service or cause reputational damage. Organizations worldwide using localai, especially those with exposed web interfaces, face increased risk of targeted attacks leveraging this XSS flaw.
Mitigation Recommendations
To mitigate CVE-2024-48057, organizations should immediately update localai to a version that patches this vulnerability once available. Until a patch is released, implement strict input validation and sanitization on the delete model API parameters to prevent injection of malicious scripts. Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts on the homepage. Use HTTP-only and secure cookies to protect session tokens from theft via XSS. Monitor web application logs for suspicious requests targeting the delete model API and homepage. Educate users to recognize and avoid suspicious links or actions that could trigger the XSS payload. Additionally, consider isolating the localai management interface behind VPNs or internal networks to reduce exposure. Conduct regular security assessments focusing on web input handling and session management.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-10-08T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6d0ab7ef31ef0b56d6a1
Added to database: 2/25/2026, 9:43:38 PM
Last enriched: 2/26/2026, 8:50:14 AM
Last updated: 4/12/2026, 1:57:22 PM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.