CVE-2026-2558 | GeekAI up to 4.2.4 net_handler.go Download url server-side request forgery (Issue 256)

Inserito da Angelo Barbosa | Feb 15, 2026 | CVE

A vulnerability, which was classified as critical, has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery.

This vulnerability is registered as CVE-2026-2558. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2558 | GeekAI up to 4.2.4 net_handler.go Download url server-side request forgery (Issue 256)

Post correlati

CVE-2025-23840 | webjema Notcaptcha Plugin up to 1.3.1 on WordPress cross site scripting

CVE-2024-41697 | Priority up to 23.x HTML Tag HTML injection

CVE-2024-55000 | Sourcecodester House Rental Management System 1.0 manage_categories.php cross site scripting

CVE-2025-48468 | Advantech Wireless Sensing and Equipment A2.01 B00 JTAG injection