CVE-2026-2558

Name of the Vulnerable Software and Affected Versions GeekAI versions up to 4.2.4

Description A flaw exists in GeekAI that allows for server-side request forgery. The issue is related to the

Download

function within the

api/handler/net handler.go

file. Manipulation of the

url

argument in this function can lead to exploitation. Remote exploitation is possible, and an exploit has been published. The project was notified of the issue but has not yet responded.

Recommendations Versions prior to 4.2.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.