CVE-2026-5002 describes an injection vulnerability discovered in localGPT, a tool for local LLM prompting, affecting versions up to commit hash 4d41c7d1713b16b216d8e062e51a5dd88b20b054. This flaw resides within the LLM Prompt Handler component, specifically the _route_using_overviews function in backend/server.py. Successful exploitation allows for remote code manipulation, potentially leading to unauthorized access and data compromise. Due to the rolling release nature of localGPT, specific fixed versions are not available.
An attacker can exploit CVE-2026-5002 to inject malicious code into the localGPT system. This injection can be triggered remotely, bypassing typical security boundaries. The impact of this vulnerability is significant, as a successful exploit could allow an attacker to gain control over the LLM prompting process, potentially leading to the execution of arbitrary commands on the server hosting localGPT. This could result in data exfiltration, system compromise, and denial of service. The ability to manipulate the LLM prompts themselves could also lead to the generation of misleading or harmful outputs, impacting the integrity of the application.
CVE-2026-5002 has been publicly disclosed, indicating a higher probability of exploitation. The availability of a public exploit suggests that attackers are actively seeking to leverage this vulnerability. The EPSS score is likely to be medium or high, reflecting the ease of exploitation and potential impact. No KEV listing is currently available, but given the public disclosure and exploit availability, it is possible that it will be added in the future. The vulnerability's remote accessibility further increases the risk of exploitation.
EPSS: 0.06% (18th percentile)
Due to localGPT's rolling release model, a direct patch is unavailable. Mitigation strategies focus on limiting exposure and detecting malicious activity. Implement strict input validation on all data passed to the LLM Prompt Handler. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests targeting the _route_using_overviews function. Regularly monitor system logs for unusual activity, specifically looking for attempts to manipulate the prompt routing process. While a specific signature is not available, generic injection detection rules can be applied. After implementing these mitigations, verify their effectiveness by attempting to trigger the vulnerability with known injection payloads and observing the system's response.
Update to a version later than 4d41c7d1713b16b216d8e062e51a5dd88b20b054. No specific fixed version is available, so it is recommended to monitor project updates and apply the latest available version.
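Because the affected range is identified only by a commit hash, a deployment can be checked by comparing its checkout against that commit. The script below is an added example, not code from the localGPT project; the function name, the result words and the exit codes are assumptions made for illustration, and it assumes localGPT was installed as a git clone.

```shell
#!/bin/sh
# Added example: classify a localGPT checkout against the last commit the
# advisory lists as affected. Result words and exit codes are this script's own.
AFFECTED_COMMIT="4d41c7d1713b16b216d8e062e51a5dd88b20b054"

# check_localgpt_exposure REPO_DIR [BOUNDARY_COMMIT]
# Prints one word; returns 0 = later than boundary, 1 = affected, 2 = cannot tell.
check_localgpt_exposure() {
    repo=$1
    boundary=${2:-$AFFECTED_COMMIT}

    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo "unknown-not-a-git-checkout"; return 2
    fi
    # Shallow or stale clones may not contain the boundary commit at all.
    if ! git -C "$repo" cat-file -e "${boundary}^{commit}" 2>/dev/null; then
        echo "unknown-boundary-commit-missing"; return 2
    fi
    head=$(git -C "$repo" rev-parse HEAD 2>/dev/null) || {
        echo "unknown-no-head"; return 2; }

    # HEAD equal to, or an ancestor of, the boundary: inside the affected range.
    if git -C "$repo" merge-base --is-ancestor "$head" "$boundary"; then
        echo "affected"; return 1
    fi
    # Boundary is an ancestor of HEAD: the checkout is later than the listed
    # commit. No fixed version is published, so this is not proof of a fix.
    if git -C "$repo" merge-base --is-ancestor "$boundary" "$head"; then
        echo "later-than-boundary"; return 0
    fi
    # Diverged history (fork or local branch): ancestry cannot settle it.
    echo "unknown-diverged"; return 2
}
```

Call it as check_localgpt_exposure /path/to/localGPT; any "unknown" result means the checkout should be reviewed by hand, for example after fetching full upstream history.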
CVE-2026-5002 is a HIGH severity injection vulnerability affecting localGPT versions up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. It allows remote attackers to manipulate the LLM Prompt Handler, potentially leading to system compromise.
If you are using localGPT at a version up to commit hash 4d41c7d1713b16b216d8e062e51a5dd88b20b054, you are potentially affected. Because the project uses rolling releases and no fixed version is available, confirm your exposure by reviewing the mitigation strategies.
Due to the rolling release system, a direct patch is unavailable. Implement input validation, WAF rules, and monitor system logs for suspicious activity as mitigation steps.
The vulnerability has been publicly disclosed and a public exploit is available, suggesting active exploitation is possible and likely.
Consult the localGPT project's official communication channels (e.g., GitHub repository, mailing list) for updates and advisories related to CVE-2026-5002.