Platform
python
Component
cvep
Fixed in
4.0.1
CVE-2026-5000 is a security vulnerability identified in PromtEngineer localGPT, specifically within the API Endpoint component's LocalGPTHandler function in backend/server.py. This vulnerability stems from a missing authentication check, allowing attackers to manipulate the BaseHTTPRequestHandler. The vulnerability impacts versions up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054 and can be exploited remotely. Due to the product's rolling release model, specific fixed versions are not available.
The core impact of CVE-2026-5000 lies in the lack of authentication for the API Endpoint. An attacker can exploit this to directly manipulate the BaseHTTPRequestHandler, potentially gaining unauthorized access to sensitive data or executing arbitrary commands within the localGPT environment. This could lead to data breaches, system compromise, and disruption of service. The remote nature of the exploit significantly broadens the attack surface, as it doesn't require local access to the system. Successful exploitation could allow an attacker to impersonate legitimate users or inject malicious code into the system’s processes.
The vulnerability was publicly disclosed on 2026-03-28. There are currently no known public proof-of-concept exploits available. The vendor was contacted but did not respond. The EPSS score is pending evaluation. This vulnerability highlights the importance of robust authentication mechanisms in API endpoints and the need for vendors to respond to security disclosures promptly.
Exploit Status
EPSS
0.10% (27% percentile)
CISA SSVC
CVSS Vector
Given the rolling release model and lack of a specific patch, mitigation strategies for CVE-2026-5000 focus on network-level controls and proactive security measures. Implement a Web Application Firewall (WAF) to filter malicious requests targeting the API Endpoint. Restrict network access to the localGPT instance, allowing only authorized clients to connect. Segment the network to limit the potential blast radius of a successful attack. Monitor API endpoint traffic for unusual patterns or unauthorized access attempts. Consider implementing rate limiting to mitigate brute-force attacks. After implementing these controls, verify their effectiveness by simulating an attack and confirming that unauthorized requests are blocked.
Update to a version later than the one specified in the CVE that implements proper authentication on the API endpoint. Since no specific fixed version is mentioned, it is recommended to contact the vendor for a patched version or implement additional security measures, such as authentication and authorization, on the affected endpoint.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5000 is a HIGH severity vulnerability in localGPT versions up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054, allowing remote attackers to manipulate the BaseHTTPRequestHandler due to a missing authentication check.
You are potentially affected if you are running localGPT versions prior to 4d41c7d1713b16b216d8e062e51a5dd88b20b054 and do not have compensating controls in place, such as a WAF.
Due to the rolling release model, a direct patch is unavailable. Mitigation focuses on implementing WAF rules, network segmentation, and monitoring API endpoint traffic.
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
The vendor was contacted but did not respond. Check the PromtEngineer website and relevant security mailing lists for updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.