lollms — Critical stored XSS in social features (CVE-2026-1115)
AI relevance: This critical XSS vulnerability in lollms' social features demonstrates the security risks of integrating social collaboration capabilities into AI chat frameworks without proper input sanitization.
A critical stored cross-site scripting (XSS) vulnerability, rated CVSS 9.6, has been discovered in parisneo/lollms, an open-source AI chat framework. It allows an authenticated user to inject malicious scripts through the social posting features; the injected script is stored with the post and served to every user who later views it.
Vulnerability details
- CVE-2026-1115 with CVSS score of 9.6 (Critical)
- Affects all lollms versions prior to 2.2.0
- Location: create_post function in backend/routers/social/__init__.py
- Mechanism: No input sanitization on user-provided content
- Impact: Persistent XSS stored in database
- Attack vector: Authenticated user posting malicious content
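To make the mechanism concrete, here is an added, self-contained Python sketch; it is not lollms code and does not reproduce the real create_post handler. A hypothetical in-memory PostStore stands in for the database, render_post_unsafe shows the defect class the advisory describes (user text stored verbatim and then interpolated straight into HTML), and render_post_safe shows the fix: HTML-escaping every user-controlled field at the point it enters markup. The validate_content helper, the class and function names, and the sample payload are all constructed for this example.

```python
import html
import re
from dataclasses import dataclass, field


# Hypothetical in-memory store standing in for the database the advisory
# describes; the real lollms backend is not reproduced here.
@dataclass
class PostStore:
    posts: list = field(default_factory=list)

    def create_post(self, author: str, content: str) -> int:
        """Stores the post exactly as submitted and returns its index.

        Storing raw text is acceptable only if every renderer encodes on
        output; the defect class in the advisory is storing raw text and
        then rendering it raw."""
        self.posts.append({"author": author, "content": content})
        return len(self.posts) - 1


MAX_CONTENT_LEN = 10_000
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def validate_content(content: str) -> str:
    """Input-side validation: reject empty or oversized text and drop
    control characters.  Deliberately does NOT try to strip '<' or the
    word 'script': a deny-list on input is easy to bypass, so encoding at
    the output boundary is the control that actually prevents XSS."""
    if not content.strip():
        raise ValueError("empty post")
    if len(content) > MAX_CONTENT_LEN:
        raise ValueError("post too long")
    return _CONTROL_CHARS.sub("", content)


def render_post_unsafe(post: dict) -> str:
    """Vulnerable pattern: user text interpolated directly into HTML."""
    return (f'<div class="post"><b>{post["author"]}</b>'
            f'<p>{post["content"]}</p></div>')


def render_post_safe(post: dict) -> str:
    """Hardened pattern: every user-controlled field is HTML-escaped as it
    enters markup, so '<script>' becomes '&lt;script&gt;' and the browser
    displays text instead of executing code."""
    return (f'<div class="post"><b>{html.escape(post["author"])}</b>'
            f'<p>{html.escape(post["content"])}</p></div>')


def demo() -> tuple:
    """Stores one constructed probe payload and renders it both ways."""
    store = PostStore()
    # Constructed payload: the textbook stored-XSS probe, used here only to
    # show the difference between the two renderers.
    idx = store.create_post(
        "mallory",
        validate_content("<script>alert(document.domain)</script>"),
    )
    post = store.posts[idx]
    return render_post_unsafe(post), render_post_safe(post)


if __name__ == "__main__":
    unsafe, safe = demo()
    print("unsafe:", unsafe)
    print("safe:  ", safe)
```

The point of keeping validate_content and render_post_safe separate is that they guard different things: validation bounds what is stored, while output encoding is what stops stored text from becoming executable markup. If you escape on input instead, be sure not to escape again on output, or stored text will render as literal entities.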
Why it matters
lollms is an AI chat framework that includes social collaboration features, which makes this vulnerability particularly dangerous: because every user who views a poisoned post runs the injected script, the attack can become wormable across the platform. The lack of input sanitization in social features demonstrates how AI frameworks that integrate collaborative capabilities can introduce severe security risks.
This vulnerability highlights the importance of proper input validation and output encoding in AI applications that incorporate social or collaborative features. The persistent nature of the XSS means malicious scripts remain active indefinitely, potentially affecting all users who view compromised posts, including administrators.
What to do
- Immediately update lollms to version 2.2.0 or later
- Review social feature implementations in AI frameworks
- Implement comprehensive input sanitization for user-generated content
- Use Content Security Policy (CSP) headers to mitigate XSS impact
- Monitor for suspicious posts containing script tags
- Conduct security reviews of AI framework social integrations
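The two defensive measures in this list that a practitioner can operationalise directly, a Content Security Policy and monitoring of stored posts for script-like content, are illustrated in the following added Python example. It is not lollms code: the SAMPLE_POSTS are constructed, the pattern list is a triage heuristic rather than a filter, and build_csp shows one nonce-based policy that a backend could attach to its responses.

```python
import html
import re
import secrets

# Heuristic indicators a defender can run over stored posts.  These are for
# triage only: a clean scan does not prove a post is safe, and output
# encoding (not this scan) is the control that actually prevents XSS.
SUSPICIOUS_PATTERNS = [
    ("script_tag", re.compile(r"<\s*script\b", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
    ("embedded_frame", re.compile(r"<\s*(iframe|object|embed)\b", re.I)),
]

# Constructed sample posts (hypothetical content, not from the advisory).
SAMPLE_POSTS = [
    "Hello everyone, the new 7B model is up on the hub.",
    "<script>alert(document.domain)</script>",
    "<img src=x onerror=alert(1)>",
    '<a href="javascript:alert(1)">click</a>',
    "&lt;iframe src=&quot;https://example.invalid&quot;&gt;",
    "Config tip: set timeout=30 and retries=3 in the YAML.",
]


def scan_post(content: str) -> list:
    """Returns the names of suspicious patterns found in one post.

    The text is HTML-unescaped first so that entity-encoded markup (see the
    iframe sample) is inspected in the form a browser would interpret."""
    decoded = html.unescape(content)
    return [name for name, rx in SUSPICIOUS_PATTERNS if rx.search(decoded)]


def scan_posts(posts: list) -> dict:
    """Maps post index -> list of findings, for posts with findings only."""
    findings = {}
    for idx, content in enumerate(posts):
        hits = scan_post(content)
        if hits:
            findings[idx] = hits
    return findings


def build_csp(nonce: str) -> str:
    """Builds a Content-Security-Policy value that only runs scripts carrying
    the per-response nonce, so an inline <script> injected through a post is
    refused by the browser even if it reaches the page unescaped."""
    return "; ".join([
        "default-src 'self'",
        f"script-src 'self' 'nonce-{nonce}'",
        "object-src 'none'",
        "base-uri 'self'",
        "frame-ancestors 'none'",
    ])


if __name__ == "__main__":
    for idx, hits in scan_posts(SAMPLE_POSTS).items():
        print(f"post {idx}: {', '.join(hits)}")
    # A fresh nonce per response; the same value must be placed on every
    # legitimate <script> tag the page emits.
    print("Content-Security-Policy:", build_csp(secrets.token_urlsafe(16)))
```

The event_handler pattern will occasionally flag benign text such as "onion=", so treat findings as a queue for human review rather than an automatic block; the nonce in build_csp must be regenerated for every response and never reused, otherwise the policy degrades to allowing any inline script.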