CVE-2026-2558 | GeekAI up to 4.2.4 net_handler.go Download url server-side request forgery (Issue 256)

Full Article URL: https://vuldb.com/?id.346166
Textarea URL (this page): <a href="https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzYxMzQzAwCQQgj5_2026-02-15">https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzYxMzQzAwCQQgj5_2026-02-15
Source: https://vuldb.com/?rss.recent
Vuldb: https://vuldb.com
Publication date: 2026-02-15 18:53:02
Last retrieval: 2026-02-15 20:46:17.838607

18:53 - 15 Feb 2026

vuldb.com

A vulnerability, which was classified as critical, has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. This vulnerability is registered as CVE-2026-2558. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

https://vuldb.com/?id.346166

Article info: