CVE-2026-2558
Published
CVSS v3
6.3
MEDIUM
CVSS v2
6.5
MEDIUM
Affected
1
PROJECT
Description
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI 助手全套开源解决方案,自带运营管理后台,开箱即用。集成了 ChatGPT, Azure, ChatGLM,讯飞星火,文心一言等多个平台的大语言模型。支持 MJ AI 绘画,Stable Diffusion AI 绘画,微博热搜等插件工具。采用 Go + Vue3 + element-plus 实现。
GitHub