PT-2026-39893 · Learningcircuit+2 · Local-Deep-Research
Firebasky
·
Published
2026-05-11
·
Updated
2026-05-28
·
CVE-2026-43979
CVSS v3.1
5.0
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Local Deep Research versions prior to 1.6.0
Description
The
PDFService. markdown to html() function constructs an HTML document by interpolating user-controlled values directly into an f-string without HTML escaping. Specifically, the title variable (sourced from research.title or research.query) and metadata key-value pairs are vulnerable. An authenticated attacker can use the 'POST /api/start research' endpoint to submit a research query containing HTML special characters. When the 'POST /api/v1/research//export/pdf' endpoint is called, these characters are injected into the document processed by WeasyPrint during PDF export.This injection can be used to trigger Server-Side Request Forgery (SSRF), a condition where the server is coerced into making unauthorized requests to internal or external resources, bypassing existing defenses in
ssrf validator.py. This allows access to cloud metadata services (such as 169.254.169.254), internal network services, or localhost administrative interfaces. Additionally, it can lead to CSS injection, allowing an attacker to control the visual content of the PDF, or cause a Denial of Service (DoS) by corrupting the HTML document structure.Recommendations
Update to version 1.6.0 or later.
As a temporary mitigation, restrict access to the 'POST /api/v1/research//export/pdf' endpoint for untrusted users.
Exploit
Fix
XSS
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Local-Deep-Research