CNNVD-202602-122 Information

CNNVD ID

CNNVD-202602-122

Related CVE

CVE-2026-1117

• CNNVD Published: 2026-02-02

Description (Chinese)

LoLLMs WEBUI是Saifeddine ALOUI个人开发者的一个Web用户界面。 LoLLMs WEBUI 5.9.0版本存在访问控制错误漏洞，该漏洞源于lollms_generation_events.py组件缺少身份验证和授权检查，可能导致拒绝服务或状态损坏。

Description (English)

LoLLMs WEBUI is a Web-based interface for Saifeddine ALOUI personal developers. Version 5.9.0 of LoLLLMs WEBUI contains a bug in access control resulting from the lack of identification and authorization checks of the lollms generation events.py components, which may result in the denial of services or damage to the state.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

个人开发者

Published

2026-02-02

Last Modified

2026-02-24

References

https://huntr.com/bounties/d2846a7f-0140-4105-b1bb-5ef64ec8b829 https://github.com/parisneo/lollms/commit/36a5b513dfefe9c2913bf9b618457b4fea603e3b https://access.redhat.com/security/cve/cve-2026-1117