Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
LuLu UI up to 3.0.0 allows remote attackers to run malicious commands
CVE-2026-2544
Summary
The LuLu UI up to version 3.0.0 has a security flaw that lets hackers remotely execute unauthorized system commands. This means a hacker could potentially take control of your system or steal sensitive information. You should update to the latest version of LuLu UI to fix this issue.
Original title
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection. The atta...
Original description
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 16 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026