โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2026-44450
CVE-2026-44450 - Lumiverse: RCE via MCP stdio argument injection
๐Ÿ“… 2026-05-27 00:16:38
๐Ÿ”ด Critical ๐Ÿ”ฅ No MITRE CVE High AI Attack General

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

CVE ID :CVE-2026-44450 Published : May 26, 2026, 9:16 p.m. | 9ย hours, 8ย minutes ago Description :Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-cod

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

Lumiverse: RCE via

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

AI Attack

๐Ÿ”— CVE ID

CVE-2026-44450

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

MITRE CVE High

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Refer to CVE-2026-44450 NVD advisory

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†