Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function do_POST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Unrestricted file upload in PromtEngineer localGPT allows remote attackers to upload arbitrary files via the do_POST function in backend/server.py, enabling potential remote code execution or system compromise. The vulnerability affects all versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054, impacts unauthenticated remote users, and publicly available exploit code exists. The vendor has not responded to early disclosure attempts, leaving the product unpatched.
Technical ContextAI
The vulnerability stems from CWE-434 (Unrestricted Upload of File with Dangerous Type), a fundamental input validation flaw in the HTTP POST handler within localGPT's backend/server.py module. The do_POST function fails to implement proper file type validation, size restrictions, or destination path sanitization for uploaded files. This allows attackers to bypass intended upload controls and place malicious files directly on the server filesystem. The product follows a rolling release strategy without traditional versioning, complicating remediation tracking across deployments. The attack vector is network-accessible (AV:N) with low complexity (AC:L), requiring no prior authentication (PR:N) or user interaction (UI:N), making exploitation trivial for any remote attacker.
RemediationAI
No vendor-released patch with a specific version tag has been identified at time of analysis. Users must update their localGPT installation to a commit after 4d41c7d1713b16b216d8e062e51a5dd88b20b054 from the main repository branch. Immediately implement input validation in the do_POST function to restrict uploaded file types to an allowlist (e.g., only .txt, .pdf for document ingestion), enforce strict file size limits, and store uploads outside the web root in a non-executable directory. Deploy rate limiting on the upload endpoint and consider requiring authentication for file uploads. Until upstream fixes are available, restrict network access to localGPT to trusted internal networks only via firewall rules or VPN. Monitor the official GitHub repository for security updates and rebuild deployments promptly when available. See VulDB references (https://vuldb.com/vuln/353888) and exploit details (https://github.com/August829/CVEP/issues/7) for additional context.
Prompt injection in PromtEngineer localGPT allows unauthenticated remote attackers to manipulate LLM behavior via crafte
Authentication bypass in PromtEngineer localGPT affects the LocalGPTHandler API endpoint in backend/server.py, allowing
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16932
GHSA-m73g-4qvw-9rwm