Executive Summary
A critical authentication vulnerability tracked as CVE-2026-1114 has been disclosed in parisneo/lollms version 2.1.0, a widely used open-source large language model server and AI assistant platform. The vulnerability stems from the application's use of a weak, predictable secret key for signing JSON Web Tokens (JWTs), enabling an attacker to recover the key offline via brute-force and subsequently forge valid authentication tokens with arbitrary privilege levels — including full administrator access.
CVSS Score: 9.8 (Critical)
Vulnerability Overview
Root Cause
lollms uses JWTs to manage user sessions and authorization. The application was found to sign these tokens with a secret key that is insufficiently random and short enough to be recovered through offline dictionary or brute-force attacks. Once an attacker obtains any valid signed JWT (e.g., from an authenticated session or public endpoint), they can:
- Extract the signed token
- Run an offline brute-force or dictionary attack against the weak secret
- Recover the secret key
- Forge new JWTs with elevated privileges (e.g.,
"role": "admin") - Authenticate as administrator with no valid credentials
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-1114 |
| CVSS Score | 9.8 (Critical) |
| Type | Improper Access Control / Weak Cryptographic Key |
| Attack Vector | Network |
| Authentication | Required (any low-privileged account) |
| Privileges Required | Low |
| User Interaction | None |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
Affected Versions
| Product | Affected Version | Status |
|---|---|---|
| parisneo/lollms | 2.1.0 | Vulnerable |
Check the lollms GitHub releases for patched versions. Users running self-hosted lollms instances should treat all existing sessions as potentially compromised and rotate the JWT secret key immediately.
Attack Chain
1. Attacker registers a low-privileged account (or obtains any valid JWT from an exposed endpoint)
2. Extracts the signed JWT from an HTTP response or cookie
3. Runs offline brute-force / dictionary attack against the JWT signature
- Tools: hashcat, jwt-cracker, or custom scripts targeting HS256
4. Recovers the weak secret key
5. Crafts a forged JWT with admin role/claims
6. Authenticates to lollms as administrator
7. Full application control: model management, data access, system commandsWhy JWT Brute-Force Is Feasible
When a JWT is signed with HMAC-SHA256 (HS256) and the secret key is weak (short, dictionary-based, or sequential), modern GPU-accelerated tools like hashcat can test billions of key candidates per second against a captured token. This attack is:
- Offline — no rate limiting or account lockout applies
- Fast — common weak keys are cracked in seconds to minutes
- Silent — leaves no trace in application logs
- Deterministic — if the key is weak, it will be found
Impact Assessment
Successful exploitation grants an attacker full administrative control over the lollms instance, enabling:
| Impact Category | Consequence |
|---|---|
| Data exfiltration | Access to all stored conversations, documents, and uploaded files |
| Model manipulation | Modify, delete, or replace AI models and configurations |
| System command execution | Depending on deployment, admin interfaces may expose OS-level functionality |
| Lateral movement | Compromised lollms server can serve as pivot point in internal networks |
| Credential theft | Access to stored API keys for connected LLM providers (OpenAI, Anthropic, etc.) |
| Persistent backdoor | Create additional admin accounts or modify application code |
lollms is often deployed internally or on home lab servers, but many instances are also internet-exposed — particularly in research environments. An exposed, vulnerable instance is a direct path to full compromise.
Remediation
Immediate Actions
- Update lollms to the latest version that addresses CVE-2026-1114
- Rotate the JWT secret key — any previously issued tokens must be invalidated
- Review access logs for unusual authentication patterns or privilege escalation indicators
- Revoke all active sessions to force re-authentication with a new, strong secret
Configuration Hardening
If an update is not immediately possible:
- Restrict network access — place lollms behind a VPN or firewall; do not expose to the public internet
- Generate a cryptographically strong JWT secret — minimum 256-bit random value; never use dictionary words or short strings
- Implement IP allowlisting if lollms must be accessible remotely
JWT Secret Key Best Practices
# DO NOT use weak keys like:
SECRET_KEY = "secret"
SECRET_KEY = "lollms123"
SECRET_KEY = "changeme"
# Use a cryptographically secure random key:
import secrets
SECRET_KEY = secrets.token_hex(32) # 256-bit random keyDetection
Signs of Exploitation
| Indicator | Description |
|---|---|
| Admin actions from unexpected users | Review audit logs for privilege escalation events |
| JWT tokens with unusual claims | Monitor for admin role tokens issued to low-privileged accounts |
| New admin account creation | Unauthorized accounts with elevated privileges |
| Unexpected API key access or rotation | LLM provider API keys accessed or changed |
| Unusual file access | Documents or model files accessed outside normal patterns |
Threat Hunting Query (Conceptual)
Look for JWT tokens in application logs where the role claim is admin but the token was issued for a user account that should not have admin access. Cross-reference with authentication logs to identify tokens that were not produced by legitimate login flows.
Key Takeaways
- CVSS 9.8 Critical — An attacker with any valid JWT can escalate to admin
- Offline attack — No interaction with the server required after obtaining a single token
- Update immediately — Patch lollms and rotate the JWT secret key
- Do not expose lollms to the internet without proper authentication controls and network restrictions
- AI/LLM servers are high-value targets — they often store API keys for commercial AI providers and sensitive data