A vulnerability was found in parisneo lollms-webui up to 9.2. It has been declared as critical. This vulnerability affects unknown code of the file /restart_program of the component Endpoint. The manipulation of the argument host leads to authentication bypass using alternate channel.
This vulnerability was named CVE-2024-1646. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.