CVE-2026-43979
Deferred Deferred - Pending Action
Local Deep Research PDF Export HTML Injection Leading to SSRF

Publication date: 2026-05-28

Last updated on: 2026-06-01

Assigner: GitHub, Inc.

Description
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled values β€” specifically title (sourced from research.title or research.query) and metadata key-value pairs β€” directly into an f-string without any HTML escaping. An authenticated attacker can craft a research query containing HTML special characters to inject arbitrary HTML tags into the document processed by WeasyPrint during PDF export. This injection can be chained to trigger a Server-Side Request Forgery (SSRF), bypassing the application's existing SSRF defenses in ssrf_validator.py. This vulnerability is fixed in 1.6.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-06-01
Generated
2026-06-18
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-43979
EUVD
EUVD-2026-32978
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
local_deep_research local_deep_research to 1.6.0 (exc)
learningcircuit local_deep_research 1.6.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-43979 is a vulnerability in the local-deep-research software's PDF export functionality where user-controlled inputs such as research titles and metadata are directly inserted into HTML without proper escaping. This allows an authenticated attacker to inject arbitrary HTML tags into the generated PDF document.

The injected HTML can include malicious elements like <img> or <link> tags, which can be used to exploit Server-Side Request Forgery (SSRF) vulnerabilities by forcing the server to make unauthorized outbound HTTP requests to internal or external resources.

This vulnerability arises because the function constructing the HTML document interpolates user input into an f-string without escaping special HTML characters, enabling injection attacks.

The issue was fixed in version 1.6.0 by applying proper HTML escaping to all user-controlled inputs and implementing a safe URL fetcher that validates URLs before allowing outbound requests during PDF generation.

Impact Analysis

This vulnerability can impact you by allowing an authenticated attacker to inject malicious HTML into PDF documents generated by the application, potentially leading to several security issues.

  • Server-Side Request Forgery (SSRF): The attacker can cause the server to make unauthorized HTTP requests to internal services such as cloud metadata endpoints, private networks, or localhost interfaces, potentially exposing sensitive data.
  • Denial of Service (DoS): Injected HTML can corrupt the PDF document structure, causing rendering failures or crashes.
  • Visual Content Forgery or Spoofing: External stylesheets or malicious content can be loaded into the PDF, misleading users or forging document appearance.

The vulnerability affects all PDF export operations and can be exploited by any authenticated user without elevated privileges.

Detection Guidance

Detection of this vulnerability involves identifying if the local-deep-research software is running a version prior to 1.6.0 and if it processes PDF exports with user-controlled inputs that are not properly escaped.

Since the vulnerability allows HTML injection and SSRF via crafted research queries, monitoring for unusual outbound HTTP requests during PDF generation or inspecting logs for suspicious HTML content in research titles or metadata can help detect exploitation attempts.

Specific commands are not provided in the available resources, but general approaches include:

  • Checking the installed version of local-deep-research to confirm if it is older than 1.6.0.
  • Using network monitoring tools (e.g., tcpdump, Wireshark) to capture outbound HTTP requests from the server during PDF generation.
  • Reviewing application logs for research queries containing HTML special characters or suspicious tags.
  • Testing PDF export functionality with crafted inputs containing HTML special characters to see if they are escaped or cause unexpected behavior.
Mitigation Strategies

The primary mitigation step is to upgrade the local-deep-research software to version 1.6.0 or later, where the vulnerability has been fixed.

Version 1.6.0 includes proper HTML escaping of user-controlled inputs in PDF generation and a safe URL fetcher that validates URLs before fetching, preventing SSRF attacks.

Until the upgrade can be applied, consider restricting access to the PDF export functionality to trusted users only and monitoring for suspicious outbound network activity.

Additionally, review and harden any custom PDF generation code to ensure all user inputs are properly sanitized and escaped.

Compliance Impact

CVE-2026-43979 allows an authenticated attacker to inject arbitrary HTML into PDF exports and trigger Server-Side Request Forgery (SSRF) attacks, potentially exposing internal services and sensitive data.

Such vulnerabilities can lead to unauthorized access or disclosure of sensitive information, which may violate data protection regulations like GDPR or HIPAA that require safeguarding personal and sensitive data against unauthorized access.

The ability to perform SSRF attacks and inject malicious content could result in data breaches or unauthorized data exposure, impacting compliance with these standards.

Therefore, organizations using affected versions of Local Deep Research prior to 1.6.0 should upgrade promptly to mitigate risks and maintain compliance with relevant security and privacy regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43979. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart