CVE-2024-1646

Name: CVE-2024-1646
Creator: NVD / NIST
Published: 2024-04-16T00:15:09.967+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.70%

Last modified Jun 17, 2026

CVE-2024-1646 is a vulnerability of currently unknown severity. parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. EPSS estimates a 0.70% chance of exploitation in the next 30 days.

Description

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.

Metrics

EPSS Probability

0.70%

48.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-288

Affected Software

Vendor	Product	Versions
Lollms	Lollms-Webui	< 9.3

References

https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8Patch
https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7baExploit, Third Party Advisory
https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8Patch
https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7baExploit, Third Party Advisory

Timeline

Published: Apr 16, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-1646?

How severe is CVE-2024-1646?

Severity scoring for CVE-2024-1646 is pending analysis. The EPSS model estimates a 0.70% probability of exploitation in the next 30 days.

How do I fix CVE-2024-1646?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-1646?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST