CVE Catalog

CVE-2026-44450

Critical
Published: Translated: NVD NIST

Summary

Lumiverse is an AI chat application that prior to version 0.9.7 had a vulnerability in the MCP server creation endpoint. The command field was validated, but the args array passed to the child process was not verified, allowing logged-in users to execute arbitrary OS-level code.

Risk Assessment

This vulnerability poses a serious security risk as any logged-in user can gain access to the Lumiverse server's operating system and execute unauthorized commands. This could lead to data and system compromise.

Recommendation

It is recommended to upgrade to version 0.9.7 to mitigate this vulnerability. Additionally, implementing further validation mechanisms for arguments passed to child processes is advisable.

Original NVD description (English source)

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code execution flag (-e for node/bun, -c for python3/deno), giving any logged-in user arbitrary OS-level code execution on the Lumiverse server. The route requires only requireAuth (not requireOwner). The server binds on all interfaces (::) and the host-header rebinding check is bypassed trivially by any HTTP client that sends Host: localhost:<port> directly, making this exploitable from any machine with network access to the server port. This vulnerability is fixed in 0.9.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS