PT-2026-8348 · Geekai · Geekai
R00Tuser · Published 2026-02-16 · Updated 2026-02-16 · CVE-2026-2558
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
GeekAI versions up to 4.2.4
Description
GeekAI contains a server-side request forgery (SSRF) flaw in the Download function of the api/handler/net handler.go file. Manipulation of the url argument passed to this function can lead to exploitation. Remote exploitation is possible, and an exploit has been published. The project was notified of the issue but has not yet responded.
Recommendations
Versions prior to 4.2.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SSRF
Affected Products
Geekai