CVE-2026-44450: Lumiverse AI Chat App: Malicious Code Execution via User Input
CVE-2026-44450
Summary
Versions of the Lumiverse AI chat application before 0.9.7 allowed any authenticated user to run arbitrary code on the server by logging in and sending a crafted request to a server-creation endpoint. The vulnerability is fixed in version 0.9.7, so updating to that version or later is recommended.
Original title
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to th...
Original description
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code execution flag (-e for node/bun, -c for python3/deno), giving any logged-in user arbitrary OS-level code execution on the Lumiverse server. The route requires only requireAuth (not requireOwner). The server binds on all interfaces (::) and the host-header rebinding check is bypassed trivially by any HTTP client that sends Host: localhost:<port> directly, making this exploitable from any machine with network access to the server port. This vulnerability is fixed in 0.9.7.
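The description above contrasts a check on the command name with the absence of any check on the args array. As an added illustration that is not Lumiverse's own code, the first function below models the command-only allowlist the advisory describes, and the second shows the hardened shape a fix takes: args are constrained to plain tokens and anything starting with "-" is rejected, so no interpreter flag (-e, -c) reaches the child process. The allowed command names follow the advisory; function names, the token pattern and the limits are assumptions.

```javascript
// Added example, not Lumiverse's code. Command names are those the advisory
// lists as allowlisted; everything else here is an assumption for illustration.
const ALLOWED_COMMANDS = new Set(["node", "bun", "python3", "deno"]);

// The weak pattern described in the advisory: the command is checked against
// the allowlist, but the args array is forwarded to the child process as-is.
function validateCommandOnly(req) {
  if (!ALLOWED_COMMANDS.has(req.command)) {
    return { ok: false, reason: "command not allowed" };
  }
  return { ok: true, argv: [req.command, ...(req.args ?? [])] };
}

// Hardened form: args must be a short array of plain tokens (script paths,
// package names, directories). Anything beginning with "-" is rejected, so no
// runtime flag can be passed. A positive token pattern is preferred over a
// denylist of known dangerous flags, which would have to track every option
// of every allowlisted runtime.
const SAFE_ARG = /^[A-Za-z0-9@._\/-]{1,256}$/;
const MAX_ARGS = 16;

function validateCommandAndArgs(req) {
  if (!ALLOWED_COMMANDS.has(req.command)) {
    return { ok: false, reason: "command not allowed" };
  }
  const args = req.args ?? [];
  if (!Array.isArray(args) || args.length > MAX_ARGS) {
    return { ok: false, reason: "args must be an array of at most " + MAX_ARGS };
  }
  for (const a of args) {
    // typeof check runs first, so startsWith is only called on strings
    if (typeof a !== "string" || a.startsWith("-") || !SAFE_ARG.test(a)) {
      return { ok: false, reason: "unsafe argument: " + JSON.stringify(a) };
    }
  }
  return { ok: true, argv: [req.command, ...args] };
}
```

Argument validation addresses only the CWE-88 defect; the advisory's other points (the route requiring only requireAuth rather than requireOwner, and the bind address and Host-header check) need separate fixes.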
NVD CVSS 3.1
9.9
Vulnerability type
CWE-88
Published: 26 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026