Tag
A remote code injection vulnerability (CVE-2026-5002) exists in PromtEngineer localGPT versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054, allowing attackers to execute arbitrary code by manipulating the LLM Prompt Handler component via the _route_using_overviews function in backend/server.py.