Search criteria
4 vulnerabilities by learningcircuit
CVE-2026-43979 (GCVE-0-2026-43979)
Vulnerability from cvelistv5 – Published: 2026-05-28 17:59 – Updated: 2026-05-28 19:33
VLAI
Title
Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
Summary
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled values — specifically title (sourced from research.title or research.query) and metadata key-value pairs — directly into an f-string without any HTML escaping. An authenticated attacker can craft a research query containing HTML special characters to inject arbitrary HTML tags into the document processed by WeasyPrint during PDF export. This injection can be chained to trigger a Server-Side Request Forgery (SSRF), bypassing the application's existing SSRF defenses in ssrf_validator.py. This vulnerability is fixed in 1.6.0.
Severity
5 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_CONFIRM |
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_MISC |
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LearningCircuit | local-deep-research |
Affected:
< 1.6.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43979",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T19:33:32.262907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:33:58.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-fj2m-qvh9-jq4q"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "local-deep-research",
"vendor": "LearningCircuit",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled values \u2014 specifically title (sourced from research.title or research.query) and metadata key-value pairs \u2014 directly into an f-string without any HTML escaping. An authenticated attacker can craft a research query containing HTML special characters to inject arbitrary HTML tags into the document processed by WeasyPrint during PDF export. This injection can be chained to trigger a Server-Side Request Forgery (SSRF), bypassing the application\u0027s existing SSRF defenses in ssrf_validator.py. This vulnerability is fixed in 1.6.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T17:59:19.443Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-fj2m-qvh9-jq4q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-fj2m-qvh9-jq4q"
},
{
"name": "https://github.com/LearningCircuit/local-deep-research/pull/3082",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LearningCircuit/local-deep-research/pull/3082"
},
{
"name": "https://github.com/LearningCircuit/local-deep-research/pull/3613",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LearningCircuit/local-deep-research/pull/3613"
}
],
"source": {
"advisory": "GHSA-fj2m-qvh9-jq4q",
"discovery": "UNKNOWN"
},
"title": "Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-43979",
"datePublished": "2026-05-28T17:59:19.443Z",
"dateReserved": "2026-05-04T20:24:31.916Z",
"dateUpdated": "2026-05-28T19:33:58.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46526 (GCVE-0-2026-46526)
Vulnerability from cvelistv5 – Published: 2026-05-28 17:58 – Updated: 2026-05-29 14:05
VLAI
Title
Local Deep Research: SSRF bypass in `safe_get`
Summary
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validate_url to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by urlparse to prevent SSRF attacks. However, there are indeed differences in parsing between urlparse and the library that actually sends the request. For example, in safe_get, validate_url is first used to perform an SSRF check, and then requests.get is used to send the actual request. This vulnerability is fixed in 1.6.10.
Severity
5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_CONFIRM |
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_MISC |
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_MISC |
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_MISC |
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_MISC |
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LearningCircuit | local-deep-research |
Affected:
< 1.6.10
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46526",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T14:05:52.707137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:05:55.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-g23j-2vwm-5c25"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "local-deep-research",
"vendor": "LearningCircuit",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validate_url to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by urlparse to prevent SSRF attacks. However, there are indeed differences in parsing between urlparse and the library that actually sends the request. For example, in safe_get, validate_url is first used to perform an SSRF check, and then requests.get is used to send the actual request. This vulnerability is fixed in 1.6.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T17:58:22.669Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-g23j-2vwm-5c25",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-g23j-2vwm-5c25"
},
{
"name": "https://github.com/LearningCircuit/local-deep-research/pull/3873",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LearningCircuit/local-deep-research/pull/3873"
},
{
"name": "https://github.com/LearningCircuit/local-deep-research/pull/3882",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LearningCircuit/local-deep-research/pull/3882"
},
{
"name": "https://github.com/LearningCircuit/local-deep-research/pull/3889",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LearningCircuit/local-deep-research/pull/3889"
},
{
"name": "https://github.com/LearningCircuit/local-deep-research/pull/3932",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LearningCircuit/local-deep-research/pull/3932"
},
{
"name": "https://github.com/LearningCircuit/local-deep-research/releases/tag/v1.6.10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LearningCircuit/local-deep-research/releases/tag/v1.6.10"
}
],
"source": {
"advisory": "GHSA-g23j-2vwm-5c25",
"discovery": "UNKNOWN"
},
"title": "Local Deep Research: SSRF bypass in `safe_get`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46526",
"datePublished": "2026-05-28T17:58:22.669Z",
"dateReserved": "2026-05-14T19:12:32.755Z",
"dateUpdated": "2026-05-29T14:05:55.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67743 (GCVE-0-2025-67743)
Vulnerability from cvelistv5 – Published: 2025-12-23 00:01 – Updated: 2025-12-23 15:41
VLAI
Title
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Summary
Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get() without utilizing the application's SSRF protection (safe_requests.py). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as perform internal network reconnaissance, by submitting malicious URLs through the API, depending on the deployment and surrounding controls. This issue has been patched in version 1.3.9.
Severity
6.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_CONFIRM |
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LearningCircuit | local-deep-research |
Affected:
>= 1.3.0, < 1.3.9
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67743",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-23T15:40:58.843587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T15:41:01.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-9c54-gxh7-ppjc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "local-deep-research",
"vendor": "LearningCircuit",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.3.0, \u003c 1.3.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get() without utilizing the application\u0027s SSRF protection (safe_requests.py). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as perform internal network reconnaissance, by submitting malicious URLs through the API, depending on the deployment and surrounding controls. This issue has been patched in version 1.3.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T00:01:19.309Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-9c54-gxh7-ppjc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-9c54-gxh7-ppjc"
},
{
"name": "https://github.com/LearningCircuit/local-deep-research/commit/b79089ff30c5d9ae77e6b903c408e1c26ad5c055",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LearningCircuit/local-deep-research/commit/b79089ff30c5d9ae77e6b903c408e1c26ad5c055"
}
],
"source": {
"advisory": "GHSA-9c54-gxh7-ppjc",
"discovery": "UNKNOWN"
},
"title": "Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-67743",
"datePublished": "2025-12-23T00:01:19.309Z",
"dateReserved": "2025-12-11T18:08:02.946Z",
"dateUpdated": "2025-12-23T15:41:01.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57806 (GCVE-0-2025-57806)
Vulnerability from cvelistv5 – Published: 2025-09-03 00:47 – Updated: 2025-09-03 15:44
VLAI
Title
Local Deep Research's API keys are stored in plain text
Summary
Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page. Users were not given the ability to configure the database location, allowing anyone with access to the container or host filesystem to retrieve sensitive data in plaintext by accessing the .db file. This is fixed in version 1.0.0.
Severity
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_CONFIRM |
| https://github.com/LearningCircuit/local-deep-res… | x_refsource_MISC |
| http://github.com/LearningCircuit/local-deep-rese… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LearningCircuit | local-deep-research |
Affected:
>= 0.2.0, < 1.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T13:47:32.909510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T15:44:45.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "local-deep-research",
"vendor": "LearningCircuit",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2.0, \u003c 1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page. Users were not given the ability to configure the database location, allowing anyone with access to the container or host filesystem to retrieve sensitive data in plaintext by accessing the .db file. This is fixed in version 1.0.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T00:47:24.262Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-4h8c-qrcq-cv5c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-4h8c-qrcq-cv5c"
},
{
"name": "https://github.com/LearningCircuit/local-deep-research/pull/578",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LearningCircuit/local-deep-research/pull/578"
},
{
"name": "http://github.com/LearningCircuit/local-deep-research/releases/tag/v1.0.0",
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/LearningCircuit/local-deep-research/releases/tag/v1.0.0"
}
],
"source": {
"advisory": "GHSA-4h8c-qrcq-cv5c",
"discovery": "UNKNOWN"
},
"title": "Local Deep Research\u0027s API keys are stored in plain text"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57806",
"datePublished": "2025-09-03T00:47:24.262Z",
"dateReserved": "2025-08-20T14:30:35.009Z",
"dateUpdated": "2025-09-03T15:44:45.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}