<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Localgpt - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/localgpt/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 30 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/localgpt/feed.xml" rel="self" type="application/rss+xml"/><item><title>PromtEngineer localGPT Missing Authentication Vulnerability (CVE-2026-5000)</title><link>https://feed.craftedsignal.io/briefs/2024-01-30-localgpt-auth-bypass/</link><pubDate>Tue, 30 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-30-localgpt-auth-bypass/</guid><description>A missing authentication vulnerability (CVE-2026-5000) exists in PromtEngineer localGPT's API Endpoint, allowing remote attackers to bypass authentication by manipulating the BaseHTTPRequestHandler argument, potentially leading to unauthorized access and data manipulation.</description><content:encoded><![CDATA[<p>A missing authentication vulnerability has been identified in PromtEngineer localGPT, specifically in versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054. This flaw resides within the <code>LocalGPTHandler</code> function of the <code>backend/server.py</code> file, affecting the API Endpoint component. By manipulating the <code>BaseHTTPRequestHandler</code> argument, a remote attacker can bypass authentication mechanisms, gaining unauthorized access to the application's functionalities. Given the rolling release nature of localGPT, pinpointing specific vulnerable versions is challenging. Successful exploitation could grant attackers significant control over the localGPT instance, potentially leading to data breaches or system compromise. The vendor was notified but did not respond.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker identifies a vulnerable localGPT instance running a version up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054.</li>
<li>The attacker crafts a malicious HTTP request targeting the API Endpoint.</li>
<li>The crafted request manipulates the <code>BaseHTTPRequestHandler</code> argument.</li>
<li>The <code>LocalGPTHandler</code> function processes the manipulated request without proper authentication checks.</li>
<li>The attacker bypasses authentication and gains unauthorized access to the API Endpoint.</li>
<li>The attacker can now perform privileged actions, such as accessing sensitive data or modifying application settings.</li>
<li>The attacker could potentially exfiltrate data or inject malicious content.</li>
<li>The final objective is complete compromise of the localGPT instance, data theft, or disruption of services.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-5000 allows unauthorized remote access to PromtEngineer localGPT instances. This could lead to the exposure of sensitive data processed by the application, modification of configurations, or injection of malicious content. The absence of versioning makes assessing the number of vulnerable installations difficult, but the impact on affected systems is significant, potentially resulting in data breaches, intellectual property theft, and reputational damage.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Inspect web server logs for unusual requests to the <code>/api</code> endpoint that contain malformed or unexpected parameters in the request body, focusing on those affecting authentication or authorization processes. Use the &quot;Detect Suspicious API Endpoint Access&quot; Sigma rule below.</li>
<li>Monitor HTTP requests to the localGPT instance, specifically those targeting the API endpoint, for unusual manipulation of request headers or parameters, focusing on parameters related to authentication. Use the &quot;Detect LocalGPT Authentication Bypass Attempt&quot; Sigma rule.</li>
<li>While a patch is unavailable, implement rate limiting and input validation on the API endpoint to mitigate potential exploitation attempts based on abnormal traffic patterns.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>CVE-2026-5000</category><category>localGPT</category><category>authentication bypass</category><category>API vulnerability</category></item><item><title>PromtEngineer localGPT Unrestricted Upload Vulnerability (CVE-2026-5001)</title><link>https://feed.craftedsignal.io/briefs/2024-01-localgpt-upload/</link><pubDate>Wed, 24 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-localgpt-upload/</guid><description>A remote attacker can exploit an unrestricted file upload vulnerability (CVE-2026-5001) in PromtEngineer localGPT up to version 4d41c7d1713b16b216d8e062e51a5dd88b20b054 via the do_POST function in backend/server.py.</description><content:encoded><![CDATA[<p>PromtEngineer localGPT is vulnerable to an unrestricted file upload vulnerability (CVE-2026-5001) affecting versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The vulnerability resides in the <code>do_POST</code> function within the <code>backend/server.py</code> file. This flaw allows a remote attacker to upload arbitrary files to the server without proper validation, potentially leading to remote code execution or other malicious activities. The exploit is publicly available, increasing the risk of exploitation. The vendor has not responded to vulnerability disclosures. This vulnerability poses a significant risk to organizations utilizing vulnerable versions of localGPT, potentially allowing attackers to compromise the system and gain unauthorized access.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker identifies a vulnerable localGPT instance running a version up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054.</li>
<li>The attacker crafts a malicious HTTP POST request targeting the <code>backend/server.py</code> endpoint.</li>
<li>The POST request includes a file upload component with a file containing malicious code (e.g., a reverse shell).</li>
<li>The <code>do_POST</code> function in <code>backend/server.py</code> processes the request without proper validation of the file type or content.</li>
<li>The malicious file is written to a publicly accessible directory on the server.</li>
<li>The attacker sends another HTTP request to execute the uploaded malicious file.</li>
<li>The malicious code executes, granting the attacker a reverse shell or other means of remote access.</li>
<li>The attacker leverages the gained access to compromise the system further, potentially leading to data exfiltration or other malicious activities.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this vulnerability allows attackers to upload and execute arbitrary files on the affected system, potentially leading to complete system compromise. This can result in data breaches, service disruption, or the deployment of malware. Given the nature of localGPT, which often handles sensitive data, the impact of a successful attack could be significant. The specific number of affected systems and sectors is currently unknown due to the limited information available.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Monitor web server logs for suspicious POST requests targeting the <code>backend/server.py</code> endpoint with file upload attempts. Use the provided Sigma rule to detect potential exploitation attempts (Log Source: webserver, product: linux/windows).</li>
<li>Implement strict file type and content validation on the server to prevent the upload of malicious files.</li>
<li>Apply a web application firewall (WAF) rule to block known exploit patterns targeting CVE-2026-5001.</li>
<li>Upgrade to a patched version of localGPT, if available, or implement compensating controls until a patch is released.</li>
<li>Review and restrict access controls to the file upload directory to minimize the impact of successful uploads.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>unrestricted-upload</category><category>remote-code-execution</category><category>localGPT</category></item><item><title>PromtEngineer localGPT LLM Prompt Handler Injection Vulnerability (CVE-2026-5002)</title><link>https://feed.craftedsignal.io/briefs/2024-01-02-localgpt-injection/</link><pubDate>Tue, 02 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-02-localgpt-injection/</guid><description>A remote code injection vulnerability (CVE-2026-5002) exists in PromtEngineer localGPT versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054, allowing attackers to execute arbitrary code by manipulating the LLM Prompt Handler component via the _route_using_overviews function in backend/server.py.</description><content:encoded><![CDATA[<p>A critical vulnerability, CVE-2026-5002, has been identified in PromtEngineer localGPT, an open-source project providing local Large Language Model (LLM) capabilities. The vulnerability affects versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The root cause lies within the <code>_route_using_overviews</code> function of the <code>backend/server.py</code> file, which is part of the LLM Prompt Handler component. Successful exploitation allows for remote code injection, granting attackers the ability to execute arbitrary commands on the server hosting localGPT. This is particularly concerning as localGPT is designed to handle user-provided prompts, making it a prime target for malicious actors. The vendor has not responded to disclosure attempts. The public availability of an exploit further elevates the risk.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker identifies an instance of PromtEngineer localGPT running a vulnerable version (&lt;= 4d41c7d1713b16b216d8e062e51a5dd88b20b054).</li>
<li>The attacker crafts a malicious prompt designed to exploit the injection vulnerability in the <code>_route_using_overviews</code> function.</li>
<li>The attacker sends the malicious prompt to the localGPT instance through a network request, targeting the LLM Prompt Handler component.</li>
<li>The <code>_route_using_overviews</code> function processes the malicious prompt without proper sanitization or validation.</li>
<li>The lack of sanitization leads to the injection of attacker-controlled code into the LLM processing pipeline.</li>
<li>The injected code is executed by the localGPT server, potentially allowing arbitrary command execution.</li>
<li>The attacker gains control of the localGPT server, potentially escalating privileges.</li>
<li>The attacker can now use the compromised server for further malicious activities, such as data exfiltration or lateral movement within the network.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-5002 grants attackers the ability to execute arbitrary code on systems running vulnerable versions of PromtEngineer localGPT. This could lead to complete system compromise, data theft, and potential disruption of services. Given the nature of localGPT as a tool for handling sensitive information and prompts, the impact is significant. There is currently no information about specific victims or sectors targeted; however, the public availability of the exploit makes all deployments vulnerable.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply any available patches or updates to PromtEngineer localGPT to mitigate CVE-2026-5002. Since version information is not disclosed, monitor the project's repository for any updates and apply them promptly.</li>
<li>Implement input validation and sanitization measures on the LLM Prompt Handler component to prevent code injection. Specifically, focus on the <code>_route_using_overviews</code> function in <code>backend/server.py</code>.</li>
<li>Deploy the Sigma rule &quot;Detect Suspicious localGPT Requests&quot; to identify potential exploitation attempts targeting CVE-2026-5002 based on HTTP request patterns.</li>
<li>Monitor network traffic for suspicious activity originating from systems running localGPT, looking for unusual outbound connections or data transfer patterns.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>injection</category><category>llm</category><category>localgpt</category><category>cve-2026-5002</category><category>webserver</category></item></channel></rss>