{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5002/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["localGPT"],"_cs_severities":["high"],"_cs_tags":["injection","llm","localgpt","cve-2026-5002","webserver"],"_cs_type":"advisory","_cs_vendors":["PromtEngineer"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-5002, has been identified in PromtEngineer localGPT, an open-source project providing local Large Language Model (LLM) capabilities. The vulnerability affects versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The root cause lies within the \u003ccode\u003e_route_using_overviews\u003c/code\u003e function of the \u003ccode\u003ebackend/server.py\u003c/code\u003e file, which is part of the LLM Prompt Handler component. Successful exploitation allows for remote code injection, granting attackers the ability to execute arbitrary commands on the server hosting localGPT. This is particularly concerning as localGPT is designed to handle user-provided prompts, making it a prime target for malicious actors. The vendor has not responded to disclosure attempts. The public availability of an exploit further elevates the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an instance of PromtEngineer localGPT running a vulnerable version (\u0026lt;= 4d41c7d1713b16b216d8e062e51a5dd88b20b054).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious prompt designed to exploit the injection vulnerability in the \u003ccode\u003e_route_using_overviews\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious prompt to the localGPT instance through a network request, targeting the LLM Prompt Handler component.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e_route_using_overviews\u003c/code\u003e function processes the malicious prompt without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe lack of sanitization leads to the injection of attacker-controlled code into the LLM processing pipeline.\u003c/li\u003e\n\u003cli\u003eThe injected code is executed by the localGPT server, potentially allowing arbitrary command execution.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the localGPT server, potentially escalating privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker can now use the compromised server for further malicious activities, such as data exfiltration or lateral movement within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5002 grants attackers the ability to execute arbitrary code on systems running vulnerable versions of PromtEngineer localGPT. This could lead to complete system compromise, data theft, and potential disruption of services. Given the nature of localGPT as a tool for handling sensitive information and prompts, the impact is significant. There is currently no information about specific victims or sectors targeted; however, the public availability of the exploit makes all deployments vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates to PromtEngineer localGPT to mitigate CVE-2026-5002. Since version information is not disclosed, monitor the project's repository for any updates and apply them promptly.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures on the LLM Prompt Handler component to prevent code injection. Specifically, focus on the \u003ccode\u003e_route_using_overviews\u003c/code\u003e function in \u003ccode\u003ebackend/server.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect Suspicious localGPT Requests\u0026quot; to identify potential exploitation attempts targeting CVE-2026-5002 based on HTTP request patterns.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity originating from systems running localGPT, looking for unusual outbound connections or data transfer patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-02-localgpt-injection/","summary":"A remote code injection vulnerability (CVE-2026-5002) exists in PromtEngineer localGPT versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054, allowing attackers to execute arbitrary code by manipulating the LLM Prompt Handler component via the _route_using_overviews function in backend/server.py.","title":"PromtEngineer localGPT LLM Prompt Handler Injection Vulnerability (CVE-2026-5002)","url":"https://feed.craftedsignal.io/briefs/2024-01-02-localgpt-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - Cve-2026-5002","version":"https://jsonfeed.org/version/1.1"}