What is the CVSS score of CVE-2026-44450?

CVE-2026-44450 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Lumiverse are affected by CVE-2026-44450?

Lumiverse AI chat application versions prior to 0.9.7 contain a critical remote code execution vulnerability allowing authenticated users to execute arbitrary operating system commands on the server.. A patch is available.

How to fix or mitigate CVE-2026-44450?

24 HOURS: Inventory all systems running Lumiverse AI, identify specific versions deployed, and enumerate which staff and service accounts have authenticated access. Determine whether MCP server functionality is actively required. WITHIN 7 DAYS: Implement network segmentation restricting application access to internal users only; disable or isolate the MCP server creation endpoint if not required; enable comprehensive logging and alerting for all process execution on affected servers. WITHIN 30 DAYS: Upgrade to Lumiverse AI 0.9.7 or later once released; conduct security testing on the patched version before production deployment. If upgrade unavailable by day 30, begin migration to alternative chat platforms without this vulnerability.

Lumiverse CVE-2026-44450

EUVD-2026-31978 CRITICAL

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

2026-05-26 GitHub_M

RCE

9.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 26, 2026 - 22:02 EUVD

Analysis Generated

May 26, 2026 - 21:00 vuln.today

DescriptionNVD

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code execution flag (-e for node/bun, -c for python3/deno), giving any logged-in user arbitrary OS-level code execution on the Lumiverse server. The route requires only requireAuth (not requireOwner). The server binds on all interfaces (::) and the host-header rebinding check is bypassed trivially by any HTTP client that sends Host: localhost:<port> directly, making this exploitable from any machine with network access to the server port. This vulnerability is fixed in 0.9.7.

AnalysisAI

Remote code execution in Lumiverse AI chat application prior to 0.9.7 allows any authenticated user to run arbitrary OS-level commands on the server by abusing the MCP server creation endpoint. Although the endpoint allowlists binary names (node, bun, python3, deno), it forwards user-controlled args unfiltered to the child process, and every allowed binary supports inline code execution flags (-e or -c). …

RemediationAI

24 HOURS: Inventory all systems running Lumiverse AI, identify specific versions deployed, and enumerate which staff and service accounts have authenticated access. Determine whether MCP server functionality is actively required. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-44450 vulnerability details – vuln.today

Back

Lumiverse CVE-2026-44450

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code