CNNVD-202602-120 Information

CNNVD ID

CNNVD-202602-120

CVE-2024-2356

  • CNNVD Published: 2026-02-02

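Description (translated from Chinese)

LoLLMs WEBUI is a web user interface for large language models, developed by the individual developer Saifeddine ALOUI, that supports multi-model and multimodal integration. LoLLMs WEBUI contains a security vulnerability that stems from a local file inclusion in the name parameter of the /reinstall_extension endpoint, which may lead to arbitrary Python files being loaded and executed, resulting in remote code execution.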

Description (English)

LoLLMs WEBUI is a web user interface for large models, developed by the individual developer Saifeddine ALOUI, that supports multi-model and multimodal integration. LoLLMs WEBUI has a security vulnerability that originates in a local file inclusion in the name parameter of the /reinstall_extension endpoint, which may lead to loading and executing arbitrary Python files, thus triggering remote code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-02-02

Last Modified

2026-02-24

References

  • https://huntr.com/bounties/cb9867b4-28e3-4406-9031-f66fc28553d4
  • https://github.com/parisneo/lollms-webui/commit/41dbb1b3f2e78ea276e5269544e50514252c0c25
  • https://access.redhat.com/security/cve/cve-2024-2356
