CVE-2026-1116: Lollms XSS
Attackers can hijack user sessions via stored XSS in parisneo/lollms before 2.2.0. This CVE-2026-1116 enables account takeover and wormable attacks. Upgrade to version 2.2.0.
Vendor-confirmed: CVE-2026-1116 is a high severity stored cross-site scripting (XSS) vulnerability in parisneo/lollms before 2.2.0 that lets attackers hijack user sessions and take over accounts by embedding malicious scripts in chat messages. Upgrade immediately to version 2.2.0.
Overview
A high-severity Cross-site Scripting (XSS) vulnerability, tracked as CVE-2026-1116, exists in the parisneo/lollms software. The flaw is present in versions prior to 2.2.0 and stems from improper handling of user-supplied data.
Vulnerability Details
The vulnerability resides in the from_dict method of the AppLollmsMessage class. When this method deserializes data (for example, from a stored message or an API input), it fails to sanitize or encode the content field. This lack of validation allows an attacker to embed malicious HTML or JavaScript code within the content. When this tainted content is later rendered in a web interface, the malicious script executes in the victim's browser.
Impact and Exploitation
Successful exploitation requires a victim to view the manipulated content, such as a malicious chat message. With a CVSS score of 8.2, this vulnerability poses a significant risk. An attacker could leverage it to hijack user sessions, perform actions on behalf of the victim (account takeover), or, in a collaborative environment, create self-propagating (wormable) attacks. This could lead to unauthorized data access or full compromise of user accounts within the application.
Remediation and Mitigation
The primary and most effective action is to upgrade the lollms installation to version 2.2.0 or later. The maintainers have addressed the vulnerability in this release.
If immediate patching is not possible, consider these temporary mitigation strategies:
- Input Validation and Output Encoding: Implement strict validation and encoding for all user-controllable data that is processed by the AppLollmsMessage class, ensuring any HTML or script tags are neutralized before rendering.
- Content Security Policy (CSP): Deploy a robust CSP header to restrict the sources from which scripts can be loaded, which can help mitigate the impact of successful XSS payloads.
- Network Segmentation: Restrict network access to the affected application to only trusted users.
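The following is an added illustration of the first two mitigations and is not code from lollms: a simplified message class standing in for AppLollmsMessage (the class name, fields and sample message are assumptions) keeps from_dict free of escaping and instead applies output encoding at the point of rendering, next to a CSP header builder that restricts script sources.

```python
import html
from dataclasses import dataclass


@dataclass
class SafeMessage:
    """Simplified stand-in for an AppLollmsMessage-style record (assumption, not lollms code)."""
    sender: str
    content: str

    @classmethod
    def from_dict(cls, data: dict) -> "SafeMessage":
        # Keep the stored text verbatim: escaping here would double-encode the
        # message on every save/load cycle. Encoding belongs at the output boundary.
        return cls(sender=str(data.get("sender", "")), content=str(data.get("content", "")))

    def render_html_unsafe(self) -> str:
        # The defective pattern: raw interpolation lets any tag in the text reach the browser.
        return f'<div class="message"><b>{self.sender}</b>: {self.content}</div>'

    def render_html(self) -> str:
        # Output encoding: <, >, &, " and ' become entities, so the browser shows them as text.
        return (f'<div class="message"><b>{html.escape(self.sender, quote=True)}</b>: '
                f'{html.escape(self.content, quote=True)}</div>')


def csp_header() -> dict:
    """Defense-in-depth header: scripts only from our origin, no inline script, no eval."""
    directives = ["default-src 'self'", "script-src 'self'", "object-src 'none'", "base-uri 'self'"]
    return {"Content-Security-Policy": "; ".join(directives)}


def is_neutralized(rendered: str) -> bool:
    """True when no raw tag opener survives in the rendered fragment."""
    return "<script" not in rendered.lower() and "<img" not in rendered.lower()


# Constructed sample: a stored message whose content carries markup.
SAMPLE = {"sender": "alice <admin>", "content": "hi <script>doSomething()</script> & bye"}

if __name__ == "__main__":
    msg = SafeMessage.from_dict(SAMPLE)
    print(msg.render_html_unsafe())  # tag reaches the page as markup
    print(msg.render_html())         # tag reaches the page as text
    print(csp_header())
```

The unsafe renderer is kept only to show the contrast; the escaped output is what a template engine with autoescaping enabled would produce for the same record.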
Security Insight
This vulnerability highlights a persistent class of security flaws in AI/chatbot frameworks where data serialization/deserialization logic is often overlooked during security reviews. Similar to past XSS issues in other messaging systems, it underscores that the integrity of the data flow, from ingestion to storage to display, must be secured at every stage, not just at the point of initial input. It serves as a reminder to audit data handling in helper classes and internal methods, not just primary user-facing endpoints.