CRITICAL🇵🇱 Wersja polska

CVE-2026-44450

CVSS 9.9v3.1pub. 2026-05-26upd. 2026-05-27

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code execution flag (-e for node/bun, -c for python3/deno), giving any logged-in user arbitrary OS-level code execution on the Lumiverse server. The route requires only requireAuth (not requireOwner). The server binds on all interfaces (::) and the host-header rebinding check is bypassed trivially by any HTTP client that sends Host: localhost:<port> directly, making this exploitable from any machine with network access to the server port. This vulnerability is fixed in 0.9.7.

🤖 AI Analysis
How it works

The MCP server creation endpoint verifies the 'command' field against a list of allowed binaries (including node, bun, python3, deno), however the 'args' array is passed to the child process without any validation. Each of the allowed binaries accepts a flag enabling inline code execution (e.g., -e for node/bun, -c for python3/deno), which allows arbitrary code injection. The endpoint requires only authentication (requireAuth), not owner permissions (requireOwner). Additionally, the server listens on all interfaces (::), and the Host header-based protection can be trivially bypassed by sending a 'Host: localhost:<port>' header from any HTTP client with network access to the server port.

Impact

An attacker with network access to the server port and a valid user account can execute arbitrary code at the operating system level of the Lumiverse server, gaining full control of the system, including confidentiality, integrity, and availability of data.

Mitigation & patch

Lumiverse should be updated to version 0.9.7, in which the vulnerability has been fixed. Details are available in the vendor references: https://github.com/prolix-oc/Lumiverse/security/advisories/GHSA-mfwv-ch2f-9j5v

Who is affected

Lumiverse in versions prior to 0.9.7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References