PT-2026-39893 · Learningcircuit+2 · Local-Deep-Research

Firebasky

·

Published

2026-05-11

·

Updated

2026-05-28

·

CVE-2026-43979

CVSS v3.1

5.0

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Local Deep Research versions prior to 1.6.0
Description The PDFService. markdown to html() function constructs an HTML document by interpolating user-controlled values directly into an f-string without HTML escaping. Specifically, the title variable (sourced from research.title or research.query) and metadata key-value pairs are vulnerable. An authenticated attacker can use the 'POST /api/start research' endpoint to submit a research query containing HTML special characters. When the 'POST /api/v1/research//export/pdf' endpoint is called, these characters are injected into the document processed by WeasyPrint during PDF export.
This injection can be used to trigger Server-Side Request Forgery (SSRF), a condition where the server is coerced into making unauthorized requests to internal or external resources, bypassing existing defenses in ssrf validator.py. This allows access to cloud metadata services (such as 169.254.169.254), internal network services, or localhost administrative interfaces. Additionally, it can lead to CSS injection, allowing an attacker to control the visual content of the PDF, or cause a Denial of Service (DoS) by corrupting the HTML document structure.
Recommendations Update to version 1.6.0 or later. As a temporary mitigation, restrict access to the 'POST /api/v1/research//export/pdf' endpoint for untrusted users.

Exploit

Fix

XSS

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-43979
GHSA-FJ2M-QVH9-JQ4Q

Affected Products

Local-Deep-Research