CVE-2026-59707 - LocalAI - Server-Side Request Forgery via POST /models/apply
CVE ID :CVE-2026-59707 Published : July 7, 2026, 8:37 p.m. | 37 minutes ago Description :LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized...