Lichess Lila
3 CVEs affecting Lichess Lila. Latest disclosed: 2026-04-06. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-52186 | Medium | 6.5 | 2025-11-13 | Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability in the game export… |
CVE-2026-35208 | Medium | 5.4 | 2026-04-06 | lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live str… |
CVE-2025-48051 | Medium | 4.7 | 2025-05-15 | powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM no… |