CVE-2026-0562

{"id": "CVE-2026-0562", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}]}, "published": "2026-03-29T18:16:14.460", "references": [{"url": "https://github.com/parisneo/lollms/commit/c46297799f8e1e23305373f8350746b905e0e83c", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/6aab01ca-a138-4a1d-bef9-3bce145359bf", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "security@huntr.dev"}, {"url": "https://aydinnyunus.github.io/2026/04/18/idor-lollms-friend-request-cve-2026-0562/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function in `backend/routers/friends.py` does not implement proper authorization checks, enabling Insecure Direct Object Reference (IDOR) attacks. Specifically, the `/api/friends/requests/{friendship_id}` endpoint fails to verify whether the authenticated user is part of the friendship or the intended recipient of the request. This vulnerability can lead to unauthorized access, privacy violations, and potential social engineering attacks. The issue has been addressed in version 2.2.0."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad cr\u00edtica en las versiones de parisneo/lollms hasta la 2.2.0 permite a cualquier usuario autenticado aceptar o rechazar solicitudes de amistad pertenecientes a otros usuarios. La funci\u00f3n 'respond_request()' en 'backend/routers/friends.py' no implementa comprobaciones de autorizaci\u00f3n adecuadas, lo que permite ataques de Referencia Directa a Objeto Insegura (IDOR). Espec\u00edficamente, el endpoint '/api/friends/requests/{friendship_id}' no verifica si el usuario autenticado es parte de la amistad o el destinatario previsto de la solicitud. Esta vulnerabilidad puede conducir a acceso no autorizado, violaciones de la privacidad y posibles ataques de ingenier\u00eda social. El problema ha sido abordado en la versi\u00f3n 2.2.0."}], "lastModified": "2026-04-22T16:16:52.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lollms:lollms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7118851E-5C3C-499B-BBB5-0327B7FD85AF", "versionEndIncluding": "2.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}