CVE-2026-5728: LollMS /api/upload/chat_image trusts the client Content-Type header only, so authenticated users can upload non-images disguised as PNG or JPEG.
CVE-2026-5728: LollMS /api/upload/chat_image trusts the client Content-Type header only, so authenticated users can upload non-images disguised as PNG or JPEG.
No comments yet. Log in to reply on the Fediverse. Comments will appear here.