{"vulnerability": "cve-2026-59707", "sightings": [{"uuid": "1a083b77-6845-43a2-bd14-b3af28f85fd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59707", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq3lnhc45a2b", "content": "CVE-2026-59707\nLocalAI's POST /models/apply endpoint is vulnerable to attacks. Attackers can use this to access internal URLs without permission, potentially exposing sensitive information. Update LocalAI to fix this issue\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-07T21:52:05.599897Z"}, {"uuid": "43e0b2b8-8b59-42cf-9566-6a4b5861905c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59707", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq3rytpkdd26", "content": "CVE-2026-59707 - LocalAI - Server-Side Request Forgery via POST /models/apply\nCVE ID : CVE-2026-59707\n \n Published : July 7, 2026, 9:17 p.m. | 1\u00a0hour, 57\u00a0minutes ago\n \n Description : LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /mod...", "creation_timestamp": "2026-07-07T23:45:50.423460Z"}]}