PYSEC-2026-1588

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/lollms/PYSEC-2026-1588.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1588
Aliases
Published
2026-07-07T14:34:35.775155Z
Modified
2026-07-07T17:47:14.647968049Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
Summary
lollms vulnerable to path traversal due to unauthenticated root folder settings change
Details

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system.

References

Affected packages

PyPI / lollms

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
9.5.1

Affected versions

1.*
1.1.3
1.1.5
1.1.6
1.1.7
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.20
1.1.21
1.1.22
1.1.25
1.1.26
1.1.27
1.1.28
1.1.29
1.1.30
1.1.31
1.1.32
1.1.33
1.1.34
1.1.35
1.1.36
1.1.37
1.1.38
1.1.45
1.1.46
1.1.47
1.1.48
1.1.49
1.1.50
1.1.51
1.1.52
1.1.53
1.1.55
1.1.56
1.1.57
1.1.58
1.1.59
1.1.60
1.1.61
1.1.62
1.1.63
1.1.64
1.1.65
1.1.66
1.1.67
1.1.68
1.1.69
1.1.70
1.1.71
1.1.73
1.1.74
1.1.75
1.1.76
1.1.77
1.1.78
1.1.79
1.1.80
1.1.82
1.1.83
1.1.84
1.1.85
1.1.86
1.1.90
1.1.91
1.1.92
1.2.0
1.2.1
1.2.3
1.2.4
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12
1.2.14
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.30
2.0.31
2.0.32
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.20
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.27
2.1.28
2.1.29
2.1.30
2.1.31
2.1.32
2.1.34
2.1.35
2.1.36
2.1.37
2.1.38
2.1.39
2.1.40
2.1.42
2.1.43
2.1.44
2.1.45
2.1.46
2.1.47
2.1.48
2.1.49
2.1.50
2.1.51
2.1.53
2.1.54
2.1.55
2.1.56
2.1.59
2.1.60
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.3.0
2.3.1
2.3.3
2.3.4
3.*
3.0.0
3.1.0
3.1.5
3.2.0
4.*
4.0.0
4.0.1
4.0.2
4.1.0
4.1.5
4.1.6
4.2.0
4.2.1
4.2.2
4.5.0
4.5.1
4.5.2
4.5.3
5.*
5.0.0
5.0.1
5.0.2
5.1.0
5.1.1
5.2.0
5.2.1
5.3.0
5.3.1
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.6.0
5.6.2
5.7.0
5.7.1
5.7.2
5.7.3
5.7.5
5.7.6
5.7.7
5.7.8
5.7.9
5.8.1
5.8.2
5.8.3
5.8.5
5.8.6
5.8.7
5.8.8
5.9.0
5.9.1
5.9.2
5.9.3
5.9.4
5.9.5
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.1.1
6.2.0
6.4.0
6.5.0
6.5.1
6.5.2
6.6.0
6.7.0
6.9.0
7.*
7.2.0
9.*
9.3.0
9.5.0
9.5.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/lollms/PYSEC-2026-1588.yaml"