โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2026-44451
CVE-2026-44451 - Lumiverse: TSX component sandbox escape via DOM ref and string-split identifier bypass
๐Ÿ“… 2026-05-27 00:16:38
๐Ÿ”ด Critical ๐Ÿ”ฅ No MITRE CVE High AI Attack General

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

CVE ID :CVE-2026-44451 Published : May 26, 2026, 9:16 p.m. | 9ย hours, 8ย minutes ago Description :Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator (validateComponen

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

Lumiverse: TSX component

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

AI Attack

๐Ÿ”— CVE ID

CVE-2026-44451

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

MITRE CVE High

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Refer to CVE-2026-44451 NVD advisory

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†