CVE-2026-59707 | LocalAI up to 4.3.1 Models Apply Endpoint /models/apply GetGalleryConfigFromURLWithContext URL server-side request forgery
A vulnerability has been found in LocalAI up to 4.3.1 and classified as problematic. The affected element is the function GetGalleryConfigFromURLWithContext of the file /models/apply of the component Models Apply Endpoint. Performing a manipulation of the argument URL results in server-side request forgery.
This vulnerability is identified as CVE-2026-59707. The attack can be initiated remotely. There is not any exploit available.VulDB Recent EntriesRead More