Tag
PromtEngineer localGPT Missing Authentication Vulnerability (CVE-2026-5000)
2 rules 1 TTPA missing authentication vulnerability (CVE-2026-5000) exists in PromtEngineer localGPT's API Endpoint, allowing remote attackers to bypass authentication by manipulating the BaseHTTPRequestHandler argument, potentially leading to unauthorized access and data manipulation.
PromtEngineer localGPT Unrestricted Upload Vulnerability (CVE-2026-5001)
2 rules 1 TTPA remote attacker can exploit an unrestricted file upload vulnerability (CVE-2026-5001) in PromtEngineer localGPT up to version 4d41c7d1713b16b216d8e062e51a5dd88b20b054 via the do_POST function in backend/server.py.
PromtEngineer localGPT LLM Prompt Handler Injection Vulnerability (CVE-2026-5002)
2 rules 1 TTPA remote code injection vulnerability (CVE-2026-5002) exists in PromtEngineer localGPT versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054, allowing attackers to execute arbitrary code by manipulating the LLM Prompt Handler component via the _route_using_overviews function in backend/server.py.