CVE-2026-59707
LocalAI · LocalAI
LocalAI contains an unauthenticated server-side request forgery (SSRF) vulnerability in the /models/apply endpoint that allows attackers to force the server to fetch arbitrary internal URLs.
Executive summary
An unauthenticated server-side request forgery vulnerability in LocalAI enables remote attackers to perform unauthorized requests against internal infrastructure, risking significant data exposure.
Vulnerability
The vulnerability exists in the POST /models/apply endpoint, which fails to properly validate input, allowing an unauthenticated attacker to induce the server to make arbitrary requests to internal network resources.
Business impact
This SSRF vulnerability is critical as it allows attackers to bypass perimeter firewalls and interact with internal services that are not intended to be publicly accessible. With a CVSS score of 8.6, this flaw poses a severe risk of internal network reconnaissance, potential interaction with internal APIs, and the exfiltration of sensitive configuration or data.
Remediation
Immediate Action: Update LocalAI to the latest available version that contains the patch for the /models/apply endpoint.
Proactive Monitoring: Monitor network egress logs for unexpected connections originating from the LocalAI server to internal IP addresses or restricted infrastructure.
Compensating Controls: Deploy a Web Application Firewall (WAF) to block requests to the /models/apply endpoint that contain suspicious or internal-facing destination URLs.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The ability to perform SSRF via an unauthenticated endpoint represents a high-risk security gap. Administrators must act immediately to apply the vendor-provided update and verify that the application is isolated from sensitive internal network segments.