Which versions of PromtEngineer are affected by EUVD-2026-16932?

Organizations using PromtEngineer localGPT should be aware of notable risk from CVE-2026-5001, a unrestricted file upload vulnerability rated CVSS 6.9. This could allow unauthorized file access.

Is there a public PoC exploit available for EUVD-2026-16932?

Yes, a public proof-of-concept exploit is available for EUVD-2026-16932. Prioritise patching immediately. EPSS: 0.0%.

PromtEngineer EUVD-2026-16932

Q: What is the CVSS score of EUVD-2026-16932?

EUVD-2026-16932 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-5001 MEDIUM

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-03-28 VulDB

GHSA-m73g-4qvw-9rwm

File Upload

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Mar 30, 2026 - 13:26 vuln.today

Public exploit code

EUVD ID Assigned

Mar 28, 2026 - 16:15 euvd

EUVD-2026-16932

Analysis Generated

Mar 28, 2026 - 16:15 vuln.today

CVE Published

Mar 28, 2026 - 16:00 nvd

MEDIUM 6.9

DescriptionNVD

A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function do_POST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Unrestricted file upload in PromtEngineer localGPT allows remote attackers to upload arbitrary files via the do_POST function in backend/server.py, enabling potential remote code execution or system compromise. The vulnerability affects all versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054, impacts unauthenticated remote users, and publicly available exploit code exists. …

RemediationAI

Within 30 days: Identify affected systems running PromtEngineer localGPT and apply vendor patches as part of regular patch cycle. Review file handling controls.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-16932 vulnerability details – vuln.today

Back

PromtEngineer EUVD-2026-16932

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

PromtEngineer EUVD-2026-16932

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code