CVE-2026-1163: lollms: sessions persist after password reset

GHSA-8jg2-726g-xh43 MEDIUM
Published April 8, 2026
CISO Take

parisneo/lollms does not invalidate active sessions when a user resets their password, and its default session lifetime is 31 days with no inactivity timeout. An attacker who steals a session token therefore keeps full access to the AI interface even after the victim takes what they believe is decisive corrective action. With 0 downstream package dependents and no public exploit, the immediate blast radius is limited to direct lollms deployments, but every instance running version 11.0.0 or earlier is affected and no patch exists as of disclosure. The CVSS score of 4.1 (AC:High, PR:High) reflects the prerequisite of first obtaining a session token, which the Exploitation Scenario below treats as achievable via XSS, interception on an HTTP deployment, or credential reuse on shared deployments. Until a fix is released, operators should rotate the session signing secret (or clear the server-side session store, depending on how the deployed version keeps sessions) to force-invalidate existing sessions, cap session lifetime at 8 hours or less, and alert on any request carrying a session token that was already in use before a password-reset event for the same account.

Sources: NVD, GitHub Advisory, ATLAS

Risk Assessment

Medium overall, elevated for multi-user or enterprise lollms deployments. The 4.1 CVSS score is artificially suppressed by the AC:High and PR:High prerequisites, but the 31-day default session window means a single credential-theft event grants nearly a month of persistent AI system access with no automatic remediation even when the victim responds correctly. No patch exists as of CVE publication. The package carries a 36/100 risk score and has 7 prior CVEs — a pattern indicating structural security debt rather than an isolated oversight. Organizations using lollms as a front-end for sensitive internal LLM interactions should treat this as higher priority than the CVSS score alone suggests.

Affected Systems

Package: lollms
Ecosystem: pip
Vulnerable range: <= 11.0.0
Patched: No patch

Severity & Risk

CVSS 3.1: 4.1 / 10
EPSS: N/A
Exploitation Status: No known exploitation
Sophistication: Moderate

Recommended Action

  1. No patch is available for lollms <= 11.0.0 as of disclosure; monitor the parisneo/lollms GitHub repository for a fix addressing CWE-613 (Insufficient Session Expiration).
  2. Rotate the secret used to sign or encrypt session tokens on affected deployments. This invalidates every outstanding token only if tokens are validated against that secret (signed or encrypted cookies); if sessions are stored server-side, clear the session store as well. Confirm how the deployed version actually manages sessions before relying on either step.
  3. Reduce the session lifetime from the 31-day default to 8 hours or less. If the application exposes no setting for this, the limit has to be enforced by a component in front of it, such as an authenticating reverse proxy, since a plain reverse proxy cannot shorten the application's own session validity.
  4. Add inactivity-based expiration at the same layer if the application does not support it natively.
  5. Detection: log a fingerprint of the session identifier with each request and correlate password-reset events against later requests carrying an identifier first seen before the reset. Any match means a session survived the reset and should be handled as an incident.
  6. Place lollms instances behind an authentication proxy (e.g., Authelia, Cloudflare Access) so that session lifetime and revocation are enforced centrally, independent of the application.
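The correlation described in step 5, as an added example that is not lollms code: it runs over constructed log events (the field layout of timestamp, user, event type and session identifier is an assumption about what a reverse proxy or application log could provide) and reports any session identifier first seen before a user's password reset that is presented again on or after it.

```python
"""Detect session tokens that survive a password reset.

Added example for this advisory; it is not lollms code. The event layout
(timestamp, user, event type, session identifier) is an assumption about what a
reverse proxy or application access log could provide, and SAMPLE_LOG is
constructed for illustration.
"""
import hashlib
from collections import defaultdict
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample events: (timestamp, user, event, session_id).
# "sess-A" is alice's original session, which an attacker is assumed to have
# copied; it keeps being presented after her 10:00 password reset.
SAMPLE_LOG = [
    ("2026-04-08T09:00:00Z", "alice", "request", "sess-A"),
    ("2026-04-08T09:10:00Z", "bob", "request", "sess-B"),
    ("2026-04-08T09:30:00Z", "alice", "request", "sess-A"),
    ("2026-04-08T10:00:00Z", "alice", "password_reset", ""),
    ("2026-04-08T10:01:00Z", "alice", "request", "sess-C"),   # new login after reset
    ("2026-04-08T10:15:00Z", "alice", "request", "sess-A"),   # old token still in use
    ("2026-04-08T10:30:00Z", "bob", "request", "sess-B"),     # no reset for bob
    ("2026-04-08T11:00:00Z", "alice", "request", "sess-A"),   # same surviving session
]


def token_fingerprint(session_id: str) -> str:
    """Short SHA-256 prefix so an alert can name a session without exposing the token."""
    return hashlib.sha256(session_id.encode()).hexdigest()[:12]


def find_surviving_sessions(events):
    """Return one alert per (user, session, reset) where a session identifier first
    seen before the user's password reset is presented again on or after it."""
    resets = defaultdict(list)   # user -> reset timestamps
    first_seen = {}              # (user, session) -> first request timestamp
    alerted = set()
    alerts = []
    # Fixed-width ISO-8601 strings sort chronologically as plain strings.
    for ts, user, event, session in sorted(events, key=lambda e: e[0]):
        t = datetime.strptime(ts, TS_FORMAT)
        if event == "password_reset":
            resets[user].append(t)
            continue
        key = (user, session)
        first_seen.setdefault(key, t)
        for reset_t in resets[user]:
            # A session created before the reset must not be usable after it.
            if first_seen[key] < reset_t <= t and (key, reset_t) not in alerted:
                alerted.add((key, reset_t))
                alerts.append({
                    "user": user,
                    "session": token_fingerprint(session),
                    "reset_at": reset_t.strftime(TS_FORMAT),
                    "first_use_after_reset": ts,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_surviving_sessions(SAMPLE_LOG):
        print("session survived password reset:", alert)
```

Sessions created after the reset (sess-C) are not flagged, and a session with no reset for its user (sess-B) is ignored, so on a correctly behaving application this check stays silent; on an affected lollms instance every continuation of a pre-reset token produces exactly one alert.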

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act
Art. 9 - Risk management system
ISO 42001
A.6.1 - Policies for information security
NIST AI RMF
MANAGE 2.2 - Mechanisms are in place to minimize the vulnerability of AI systems
OWASP LLM Top 10
LLM02:2025 - Sensitive Information Disclosure

Technical Details

NVD Description

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject requests after a period of inactivity and the excessively long default session duration of 31 days. The vulnerability enables an attacker to maintain persistent access to a compromised account, even after the victim resets their password.

Exploitation Scenario

An adversary obtains an authenticated session token for a lollms instance, for example by intercepting traffic on a deployment served over plain HTTP, by exploiting a cross-site scripting flaw in the web interface (the project's 7 prior CVEs suggest the attack surface exists, though this advisory does not identify one), or through credential reuse from an unrelated breach. The legitimate user notices suspicious activity, perhaps unfamiliar AI queries in their conversation history, and resets their password, expecting this to terminate all active sessions. Under sound session management the reset would cut the attacker off; in lollms the adversary's token remains valid for up to 31 days. The attacker continues to use the interface: reading prior conversation history that may contain internal business data, issuing new queries to the connected LLMs, and potentially altering system prompts or agent tool configurations, all while the victim believes the account has been fully remediated.
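What sound session management looks like in code, as an added example that is not lollms code and makes no claim about how lollms stores or validates sessions: each token carries the per-user credential generation that was current when it was issued, a password reset increments that generation, and an absolute lifetime plus an idle timeout are enforced on every request. The token format, the SessionManager API and the 30-minute idle value are assumptions made for the example.

```python
"""Session management that does not exhibit the advisory's failure mode.

Added example for this advisory; it is not lollms code and assumes nothing about
how lollms actually stores or validates sessions. Tokens are HMAC-signed claims
bound to a per-user credential generation, so a password reset (which bumps the
generation) rejects every earlier token; an absolute lifetime and an idle
timeout are enforced as well, and rotating the server secret rejects everything.
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timedelta, timezone
from typing import Optional

ABSOLUTE_LIFETIME = timedelta(hours=8)     # advisory recommends 8 hours or less
IDLE_TIMEOUT = timedelta(minutes=30)       # assumed value; lollms has no idle timeout


class SessionManager:
    def __init__(self, secret: bytes):
        self._secret = secret
        self._credential_generation = {}   # user -> int, incremented on password reset
        self._last_seen = {}               # session id -> last accepted request time

    def _sign(self, body: bytes) -> str:
        return hmac.new(self._secret, body, hashlib.sha256).hexdigest()

    def issue(self, user: str, now: datetime) -> str:
        sid = secrets.token_hex(16)
        claims = {
            "sid": sid,
            "user": user,
            "gen": self._credential_generation.setdefault(user, 0),
            "iat": now.timestamp(),
        }
        body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        self._last_seen[sid] = now
        return base64.urlsafe_b64encode(body).decode() + "." + self._sign(body)

    def reset_password(self, user: str) -> None:
        # The logic missing in the advisory's CWE-613 case: tie sessions to the
        # credential that authenticated them, so changing it orphans old tokens.
        self._credential_generation[user] = self._credential_generation.get(user, 0) + 1

    def rotate_secret(self, new_secret: bytes) -> None:
        # Step 2 of the recommended actions: every outstanding token now fails
        # signature verification, because signatures are checked against this key.
        self._secret = new_secret

    def validate(self, token: str, now: datetime) -> Optional[str]:
        """Return the user if the token is acceptable at time `now`, else None."""
        try:
            encoded, sig = token.split(".")
            body = base64.urlsafe_b64decode(encoded)
        except (ValueError, binascii.Error):
            return None
        if not hmac.compare_digest(sig, self._sign(body)):
            return None                              # forged, or signed with a rotated secret
        claims = json.loads(body)
        issued = datetime.fromtimestamp(claims["iat"], tz=timezone.utc)
        if now - issued > ABSOLUTE_LIFETIME:
            return None                              # hard cap regardless of activity
        if claims["gen"] != self._credential_generation.get(claims["user"], 0):
            return None                              # password reset since issuance
        last = self._last_seen.get(claims["sid"], issued)
        if now - last > IDLE_TIMEOUT:
            return None                              # inactivity timeout
        self._last_seen[claims["sid"]] = now
        return claims["user"]


def demo() -> dict:
    """Walk the advisory's scenario: a stolen token, then a password reset."""
    t0 = datetime(2026, 4, 8, 9, 0, tzinfo=timezone.utc)
    mgr = SessionManager(b"demo-only-secret")
    stolen = mgr.issue("alice", t0)
    out = {"valid_before_reset": mgr.validate(stolen, t0 + timedelta(minutes=5)) == "alice"}
    mgr.reset_password("alice")
    out["rejected_after_reset"] = mgr.validate(stolen, t0 + timedelta(minutes=10)) is None
    fresh = mgr.issue("alice", t0 + timedelta(minutes=10))
    out["fresh_token_valid"] = mgr.validate(fresh, t0 + timedelta(minutes=15)) == "alice"
    out["idle_timeout_enforced"] = mgr.validate(
        fresh, t0 + timedelta(minutes=15) + IDLE_TIMEOUT + timedelta(seconds=1)) is None
    long_lived = mgr.issue("alice", t0 + timedelta(hours=1))
    out["absolute_lifetime_enforced"] = mgr.validate(
        long_lived, t0 + timedelta(hours=1) + ABSOLUTE_LIFETIME + timedelta(seconds=1)) is None
    current = mgr.issue("alice", t0 + timedelta(hours=2))
    mgr.rotate_secret(b"rotated-secret")
    out["rotation_kills_all"] = mgr.validate(current, t0 + timedelta(hours=2, minutes=1)) is None
    return out


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The generation check is what the advisory says lollms lacks: without it, a stolen token stays valid for the full 31 days no matter what the victim does. The rotate_secret path shows why the interim advice to rotate the signing secret works for signed tokens, and why it would not help on its own for an application that looks sessions up in a server-side store instead.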

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Timeline

Published: April 8, 2026
Last Modified: April 8, 2026
First Seen: April 9, 2026

Related Vulnerabilities