CVE-2026-2558 | GeekAI up to 4.2.4 net_handler.go Download url server-side request forgery (Issue 256)

A vulnerability, which was classified as critical, has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery.

This vulnerability is registered as CVE-2026-2558. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More