CVE-2026-0560: CWE-918 Server-Side Request Forgery (SSRF) in parisneo parisneo/lollms
CVE-2026-0560 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in the parisneo/lollms product prior to version 2.2.0. It exists in the /api/files/export-content endpoint where the _download_image_to_temp() function fails to properly validate user-supplied URLs. This allows attackers to make arbitrary HTTP requests from the server to internal network services or cloud metadata endpoints, potentially leading to information disclosure, internal network reconnaissance, and possibly remote code execution. The vulnerability requires no authentication or user interaction and can be exploited remotely. Although no known exploits are currently reported in the wild, the impact is significant due to the ability to access sensitive internal resources. Organizations using affected versions should prioritize patching or implementing mitigations to prevent exploitation. Countries with significant deployments of parisneo/lollms or critical cloud infrastructure are at higher risk.
AI Analysis
Technical Summary
CVE-2026-0560 is a Server-Side Request Forgery (SSRF) vulnerability in the parisneo/lollms software, affecting versions prior to 2.2.0. The flaw resides in the /api/files/export-content endpoint, where the backend function _download_image_to_temp() in backend/routers/files.py does not properly validate user-supplied URLs. Because the server fetches whatever URL it is handed, an attacker can make it issue arbitrary HTTP requests to internal network services or cloud metadata endpoints. SSRF of this kind can be used to bypass network access controls, reach internal resources that are not exposed to the internet, port-scan internal networks, and retrieve cloud instance metadata that may contain credentials or configuration data. In some scenarios it can be chained into remote code execution if the reachable internal services are themselves vulnerable or if the attacker can combine it with other flaws. The CVSS v3.0 score of 7.5 reflects high severity: a network attack vector, no required privileges or user interaction, and high impact on confidentiality. No public exploits are currently known, but the vulnerability is published and should be addressed promptly. The record lists all versions prior to 2.2.0 as affected and provides no official patch or mitigation links in the source data, so users must monitor vendor advisories for updates.
Potential Impact
The impact of CVE-2026-0560 is significant for organizations using parisneo/lollms versions prior to 2.2.0. Exploitation can lead to unauthorized internal network access, allowing attackers to probe and interact with internal services that are otherwise inaccessible from the internet. Access to cloud metadata endpoints can expose sensitive credentials, tokens, or configuration details, potentially enabling further compromise of cloud infrastructure. Information disclosure from internal systems can facilitate lateral movement and escalation of privileges within an organization’s environment. Additionally, the ability to perform port scanning internally can aid attackers in mapping the network and identifying additional attack vectors. While remote code execution is a potential risk, it depends on the presence of other vulnerabilities or misconfigurations in internal services. Overall, this vulnerability threatens confidentiality and could indirectly impact integrity and availability if chained with other exploits. Organizations with cloud deployments or complex internal networks are particularly at risk, and exploitation could result in data breaches, service disruptions, and reputational damage.
Mitigation Recommendations
To mitigate CVE-2026-0560, organizations should immediately upgrade parisneo/lollms to version 2.2.0 or later once available, as this version presumably contains the fix. Until a patch is applied, implement strict input validation and sanitization on the /api/files/export-content endpoint to ensure that user-supplied URLs cannot point to internal IP ranges (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or cloud metadata IP addresses (such as 169.254.169.254). Employ network-level controls such as firewall rules or egress filtering to prevent the application server from making outbound requests to internal or sensitive IP ranges. Use web application firewalls (WAFs) to detect and block suspicious SSRF patterns. Monitor logs for unusual outbound requests originating from the vulnerable endpoint. Conduct internal network segmentation to limit the exposure of critical services to the application server. Finally, implement comprehensive cloud security best practices, including restricting metadata service access and using instance roles with least privilege. Regularly review and update security policies to detect and prevent SSRF exploitation.
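The URL validation recommended above, written out as an added Python example; this is not lollms code or the project's fix, and it makes two assumptions: the `http`/`https` scheme allow-list, and a pluggable resolver (the `resolver` parameter) so the check can be exercised offline with constructed hostnames such as `img.example.test`. The point the example makes is that the check must be applied to every address the hostname resolves to, not to the URL text, because a hostname can resolve to 10.0.0.0/8, 127.0.0.1, 169.254.169.254 or an IPv4-mapped IPv6 address while looking harmless.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Added defensive example (not lollms project code): decide whether a
# user-supplied URL may be fetched server-side. A URL is allowed only if
# its scheme is http/https, it carries no embedded credentials, and every
# address its hostname resolves to is a globally routable address. That
# rejects loopback, RFC 1918 ranges, link-local (which includes the
# 169.254.169.254 cloud metadata address), multicast, reserved space and
# IPv4-mapped IPv6 forms of the same ranges.

ALLOWED_SCHEMES = {"http", "https"}

# A resolver maps a hostname to the list of addresses it resolves to.
# The default uses the system resolver; tests inject a constructed table.
Resolver = Callable[[str], Iterable[str]]


def resolve_all(hostname: str) -> list[str]:
    """Return every address (A and AAAA) the system resolver yields."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_address_allowed(addr_text: str) -> bool:
    """True only for globally routable addresses; raises ValueError if
    addr_text is not an IP address at all."""
    ip = ipaddress.ip_address(addr_text)
    # ::ffff:10.0.0.7 is IPv6 on the wire but targets 10.0.0.7; unwrap it
    # so the IPv4 classification applies.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def validate_outbound_url(url: str, resolver: Resolver = resolve_all) -> tuple[bool, str]:
    """Return (allowed, reason). The reason is meant for server-side logs,
    which is where unusual export-content requests should be monitored."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not parts.hostname:
        return False, "missing hostname"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL are not allowed"
    try:
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "invalid port"
    try:
        addrs = list(resolver(parts.hostname))
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return False, f"DNS resolution failed: {exc}"
    if not addrs:
        return False, "hostname resolved to no addresses"
    # Every resolved address must pass; a mix of one public and one
    # internal address is still rejected.
    for addr in addrs:
        try:
            if not is_address_allowed(addr):
                return False, f"resolves to non-global address {addr}"
        except ValueError:
            return False, f"resolver returned a non-IP value: {addr!r}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed demo table; 93.184.216.34 stands in for a public address.
    demo_dns = {
        "img.example.test": ["93.184.216.34"],
        "mixed.example.test": ["93.184.216.34", "169.254.169.254"],
        "v6.example.test": ["::ffff:10.0.0.7"],
    }
    for url in (
        "https://img.example.test/logo.png",
        "https://mixed.example.test/logo.png",
        "http://v6.example.test/",
        "file:///etc/hostname",
        "http://169.254.169.254/latest/meta-data/",
    ):
        print(url, "->", validate_outbound_url(url, lambda h: demo_dns.get(h, [])))
```

Two design points matter in practice. First, the validation has to happen against the resolved address and the fetch should then be made to that same address (or the check repeated inside the connection step), otherwise a hostname whose DNS answer changes between check and connect slips through. Second, HTTP clients follow redirects by default, so either disable redirects for this fetch or run the same check on every redirect target; a public URL that 302s to 169.254.169.254 is the same problem in disguise.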
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, Japan, South Korea, India, Netherlands, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: @huntr_ai
- Date Reserved: 2026-01-01T22:10:15.839Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 69c97a88e6bfc5ba1dc86191
Added to database: 3/29/2026, 7:16:24 PM
Last enriched: 3/29/2026, 7:16:47 PM
Last updated: 3/29/2026, 9:43:54 PM