PatchSiren cyber security CVE debrief
CVE-2026-59707 LocalAI CVE debrief
A critical server-side request forgery vulnerability exists in LocalAI's POST /models/apply endpoint, enabling attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper validation, allowing attackers to force the server to issue HTTP GET requests to private and loopback ranges. Partial response content is leaked through error messages. This vulnerability has a high impact on confidentiality and integrity, and users should take immediate action to mitigate the risk. The CVE record was published on 2026-07-07T21:17:29.340Z and has not been modified since then.
- Vendor
- LocalAI
- Product
- Unknown
- CVSS
- CRITICAL 9.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
Users of LocalAI, especially those hosting the application on publicly accessible servers, should be aware of this vulnerability and take immediate action to mitigate the risk. This includes reviewing system configurations, monitoring for suspicious activity, and applying patches or compensating controls as necessary. Security teams should prioritize remediation efforts based on the potential impact on confidentiality and integrity.
Technical summary
The vulnerability is caused by the lack of proper validation in the POST /models/apply endpoint, which allows attackers to inject arbitrary URLs. This can lead to unauthorized access to internal resources and potential data breaches. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper validation, enabling attackers to force the server to issue HTTP GET requests to private and loopback ranges. Partial response content is leaked through error messages.
Defensive priority
Highly Critical
Recommended defensive actions
- Apply the patch from the vendor or a compensating control to restrict access to the affected endpoint
- Monitor for suspicious activity and implement additional security measures to prevent exploitation
- Conduct a thorough inventory check to identify potentially affected systems and prioritize remediation
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-07T21:17:29.340Z and has not been modified since then. The NVD entry is currently being reviewed. Evidence limits suggest that further verification is needed to confirm affected scope and severity. Defenders should verify the official advisory and CVE record for more information. The vulnerability has a high impact on confidentiality and integrity, and users should take immediate action to mitigate the risk.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T21:17:29.340Z and has not been modified since then.