{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/localgpt/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["localGPT"],"_cs_severities":["high"],"_cs_tags":["CVE-2026-5000","localGPT","authentication bypass","API vulnerability"],"_cs_type":"advisory","_cs_vendors":["PromtEngineer"],"content_html":"\u003cp\u003eA missing authentication vulnerability has been identified in PromtEngineer localGPT, specifically in versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054. This flaw resides within the \u003ccode\u003eLocalGPTHandler\u003c/code\u003e function of the \u003ccode\u003ebackend/server.py\u003c/code\u003e file, affecting the API Endpoint component. By manipulating the \u003ccode\u003eBaseHTTPRequestHandler\u003c/code\u003e argument, a remote attacker can bypass authentication mechanisms, gaining unauthorized access to the application's functionalities. Given the rolling release nature of localGPT, pinpointing specific vulnerable versions is challenging. Successful exploitation could grant attackers significant control over the localGPT instance, potentially leading to data breaches or system compromise. The vendor was notified but did not respond.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable localGPT instance running a version up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the API Endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request manipulates the \u003ccode\u003eBaseHTTPRequestHandler\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eLocalGPTHandler\u003c/code\u003e function processes the manipulated request without proper authentication checks.\u003c/li\u003e\n\u003cli\u003eThe attacker bypasses authentication and gains unauthorized access to the API Endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker can now perform privileged actions, such as accessing sensitive data or modifying application settings.\u003c/li\u003e\n\u003cli\u003eThe attacker could potentially exfiltrate data or inject malicious content.\u003c/li\u003e\n\u003cli\u003eThe final objective is complete compromise of the localGPT instance, data theft, or disruption of services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5000 allows unauthorized remote access to PromtEngineer localGPT instances. This could lead to the exposure of sensitive data processed by the application, modification of configurations, or injection of malicious content. The absence of versioning makes assessing the number of vulnerable installations difficult, but the impact on affected systems is significant, potentially resulting in data breaches, intellectual property theft, and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for unusual requests to the \u003ccode\u003e/api\u003c/code\u003e endpoint that contain malformed or unexpected parameters in the request body, focusing on those affecting authentication or authorization processes. Use the \u0026quot;Detect Suspicious API Endpoint Access\u0026quot; Sigma rule below.\u003c/li\u003e\n\u003cli\u003eMonitor HTTP requests to the localGPT instance, specifically those targeting the API endpoint, for unusual manipulation of request headers or parameters, focusing on parameters related to authentication. Use the \u0026quot;Detect LocalGPT Authentication Bypass Attempt\u0026quot; Sigma rule.\u003c/li\u003e\n\u003cli\u003eWhile a patch is unavailable, implement rate limiting and input validation on the API endpoint to mitigate potential exploitation attempts based on abnormal traffic patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-30T12:00:00Z","date_published":"2024-01-30T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-30-localgpt-auth-bypass/","summary":"A missing authentication vulnerability (CVE-2026-5000) exists in PromtEngineer localGPT's API Endpoint, allowing remote attackers to bypass authentication by manipulating the BaseHTTPRequestHandler argument, potentially leading to unauthorized access and data manipulation.","title":"PromtEngineer localGPT Missing Authentication Vulnerability (CVE-2026-5000)","url":"https://feed.craftedsignal.io/briefs/2024-01-30-localgpt-auth-bypass/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["localGPT"],"_cs_severities":["high"],"_cs_tags":["unrestricted-upload","remote-code-execution","localGPT"],"_cs_type":"advisory","_cs_vendors":["PromtEngineer"],"content_html":"\u003cp\u003ePromtEngineer localGPT is vulnerable to an unrestricted file upload vulnerability (CVE-2026-5001) affecting versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The vulnerability resides in the \u003ccode\u003edo_POST\u003c/code\u003e function within the \u003ccode\u003ebackend/server.py\u003c/code\u003e file. This flaw allows a remote attacker to upload arbitrary files to the server without proper validation, potentially leading to remote code execution or other malicious activities. The exploit is publicly available, increasing the risk of exploitation. The vendor has not responded to vulnerability disclosures. This vulnerability poses a significant risk to organizations utilizing vulnerable versions of localGPT, potentially allowing attackers to compromise the system and gain unauthorized access.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable localGPT instance running a version up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the \u003ccode\u003ebackend/server.py\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes a file upload component with a file containing malicious code (e.g., a reverse shell).\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edo_POST\u003c/code\u003e function in \u003ccode\u003ebackend/server.py\u003c/code\u003e processes the request without proper validation of the file type or content.\u003c/li\u003e\n\u003cli\u003eThe malicious file is written to a publicly accessible directory on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker sends another HTTP request to execute the uploaded malicious file.\u003c/li\u003e\n\u003cli\u003eThe malicious code executes, granting the attacker a reverse shell or other means of remote access.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the gained access to compromise the system further, potentially leading to data exfiltration or other malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to upload and execute arbitrary files on the affected system, potentially leading to complete system compromise. This can result in data breaches, service disruption, or the deployment of malware. Given the nature of localGPT, which often handles sensitive data, the impact of a successful attack could be significant. The specific number of affected systems and sectors is currently unknown due to the limited information available.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests targeting the \u003ccode\u003ebackend/server.py\u003c/code\u003e endpoint with file upload attempts. Use the provided Sigma rule to detect potential exploitation attempts (Log Source: webserver, product: linux/windows).\u003c/li\u003e\n\u003cli\u003eImplement strict file type and content validation on the server to prevent the upload of malicious files.\u003c/li\u003e\n\u003cli\u003eApply a web application firewall (WAF) rule to block known exploit patterns targeting CVE-2026-5001.\u003c/li\u003e\n\u003cli\u003eUpgrade to a patched version of localGPT, if available, or implement compensating controls until a patch is released.\u003c/li\u003e\n\u003cli\u003eReview and restrict access controls to the file upload directory to minimize the impact of successful uploads.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-24T12:00:00Z","date_published":"2024-01-24T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-localgpt-upload/","summary":"A remote attacker can exploit an unrestricted file upload vulnerability (CVE-2026-5001) in PromtEngineer localGPT up to version 4d41c7d1713b16b216d8e062e51a5dd88b20b054 via the do_POST function in backend/server.py.","title":"PromtEngineer localGPT Unrestricted Upload Vulnerability (CVE-2026-5001)","url":"https://feed.craftedsignal.io/briefs/2024-01-localgpt-upload/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["localGPT"],"_cs_severities":["high"],"_cs_tags":["injection","llm","localgpt","cve-2026-5002","webserver"],"_cs_type":"advisory","_cs_vendors":["PromtEngineer"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-5002, has been identified in PromtEngineer localGPT, an open-source project providing local Large Language Model (LLM) capabilities. The vulnerability affects versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The root cause lies within the \u003ccode\u003e_route_using_overviews\u003c/code\u003e function of the \u003ccode\u003ebackend/server.py\u003c/code\u003e file, which is part of the LLM Prompt Handler component. Successful exploitation allows for remote code injection, granting attackers the ability to execute arbitrary commands on the server hosting localGPT. This is particularly concerning as localGPT is designed to handle user-provided prompts, making it a prime target for malicious actors. The vendor has not responded to disclosure attempts. The public availability of an exploit further elevates the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an instance of PromtEngineer localGPT running a vulnerable version (\u0026lt;= 4d41c7d1713b16b216d8e062e51a5dd88b20b054).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious prompt designed to exploit the injection vulnerability in the \u003ccode\u003e_route_using_overviews\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious prompt to the localGPT instance through a network request, targeting the LLM Prompt Handler component.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e_route_using_overviews\u003c/code\u003e function processes the malicious prompt without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe lack of sanitization leads to the injection of attacker-controlled code into the LLM processing pipeline.\u003c/li\u003e\n\u003cli\u003eThe injected code is executed by the localGPT server, potentially allowing arbitrary command execution.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the localGPT server, potentially escalating privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker can now use the compromised server for further malicious activities, such as data exfiltration or lateral movement within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5002 grants attackers the ability to execute arbitrary code on systems running vulnerable versions of PromtEngineer localGPT. This could lead to complete system compromise, data theft, and potential disruption of services. Given the nature of localGPT as a tool for handling sensitive information and prompts, the impact is significant. There is currently no information about specific victims or sectors targeted; however, the public availability of the exploit makes all deployments vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates to PromtEngineer localGPT to mitigate CVE-2026-5002. Since version information is not disclosed, monitor the project's repository for any updates and apply them promptly.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures on the LLM Prompt Handler component to prevent code injection. Specifically, focus on the \u003ccode\u003e_route_using_overviews\u003c/code\u003e function in \u003ccode\u003ebackend/server.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect Suspicious localGPT Requests\u0026quot; to identify potential exploitation attempts targeting CVE-2026-5002 based on HTTP request patterns.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity originating from systems running localGPT, looking for unusual outbound connections or data transfer patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-02-localgpt-injection/","summary":"A remote code injection vulnerability (CVE-2026-5002) exists in PromtEngineer localGPT versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054, allowing attackers to execute arbitrary code by manipulating the LLM Prompt Handler component via the _route_using_overviews function in backend/server.py.","title":"PromtEngineer localGPT LLM Prompt Handler Injection Vulnerability (CVE-2026-5002)","url":"https://feed.craftedsignal.io/briefs/2024-01-02-localgpt-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - Localgpt","version":"https://jsonfeed.org/version/1.1"}