Product

Engramx

1 brief RSS

engramx vulnerable to CSRF enabling graph exfiltration and prompt injection

The engramx HTTP server, enabled by default and binding to 127.0.0.1:7337, is vulnerable to CSRF and prompt injection attacks, allowing a malicious website to exfiltrate the local knowledge graph and inject persistent prompt-injection payloads.

engramx csrf prompt-injection

2r 2t Jan 24, 2024