PT-2026-32123 · Lollms · Lollms

Published: 2025-12-29 · Updated: 2026-04-11 · CVE-2026-5728

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: LoLLMS (Lord of Large Language Multimodal Systems) (affected versions not specified)

Description: An unrestricted upload of dangerous file types exists in the backend/routers/files.py script. This issue is related to Content-Type spoofing within the image upload functionality, which could allow a remote attacker to write arbitrary files to the system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
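
The description attributes the flaw to Content-Type spoofing, meaning an upload handler that trusts the type the client declares. The following is an added example, not LoLLMS code and not a vendor fix: it shows a server-side check that derives the type from the file's own bytes and builds the storage path from server-generated values only. The function names, the accepted image types and the upload directory are assumptions.

```python
import uuid
from pathlib import Path

# Leading-byte signatures for the image types this hypothetical endpoint accepts.
SIGNATURES = {
    "image/png": ((b"\x89PNG\r\n\x1a\n",), ".png"),
    "image/jpeg": ((b"\xff\xd8\xff",), ".jpg"),
    "image/gif": ((b"GIF87a", b"GIF89a"), ".gif"),
}


def sniff_image_type(data: bytes):
    """Return the MIME type implied by the file's own bytes, or None."""
    for mime, (magics, _ext) in SIGNATURES.items():
        if data.startswith(magics):
            return mime
    return None


def safe_destination(upload_dir: Path, declared_type: str, data: bytes) -> Path:
    """Choose a storage path without trusting the client's header or filename."""
    actual = sniff_image_type(data)
    if actual is None:
        raise ValueError("content is not an accepted image format")
    # Drop parameters such as "; charset=..." before comparing.
    if declared_type.split(";")[0].strip().lower() != actual:
        raise ValueError("declared Content-Type does not match file content")
    # Server-generated name and extension: nothing client-supplied reaches the path.
    root = upload_dir.resolve()
    dest = (root / f"{uuid.uuid4().hex}{SIGNATURES[actual][1]}").resolve()
    if root not in dest.parents:
        raise ValueError("destination escapes the upload directory")
    return dest


# Constructed sample inputs (not taken from the advisory).
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SCRIPT_BYTES = b"#!/bin/sh\necho constructed sample\n"

if __name__ == "__main__":
    print(safe_destination(Path("uploads"), "image/png", PNG_BYTES))
    try:
        safe_destination(Path("uploads"), "image/png", SCRIPT_BYTES)
    except ValueError as err:
        print("rejected:", err)
```

A signature check only rejects content that does not begin like an image; fully decoding the file with an image library before storing it is a stricter test.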

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2026-06492
CVE-2026-5728

Affected Products

Lollms