Skip to main content

Lumiverse EUVDEUVD-2026-31981

| CVE-2026-44444 CRITICAL
OS Command Injection (CWE-78)
2026-05-26 GitHub_M
9.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
CVE Published
Jun 22, 2026 - 06:03 cve.org
CRITICAL 9.1
Patch available
May 26, 2026 - 22:02 EUVD
Analysis Generated
May 26, 2026 - 21:00 vuln.today

DescriptionGitHub Advisory

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety scan (assertSafeBackendBundle). A malicious extension that ships a package.json with a preinstall, postinstall, or prepare lifecycle script achieves host-level code execution the moment an admin presses Install before any dist file is inspected. This vulnerability is fixed in 0.9.7.

AnalysisAI

Host-level code execution in Lumiverse AI chat application (versions prior to 0.9.7) allows admin-authenticated attackers to run arbitrary commands on the host by submitting a malicious Spindle extension whose package.json defines lifecycle scripts. The Spindle build pipeline invokes bun install before its static safety scan and without script execution disabled, so code runs at install time on the server rather than at runtime in any sandboxed bundle. No public exploit identified at time of analysis.

Technical ContextAI

Lumiverse uses the Bun JavaScript runtime to install third-party 'Spindle' extension packages as part of its extension build pipeline. By default, package managers like bun, npm, and yarn execute preinstall, install, postinstall, and prepare lifecycle scripts declared in a package.json as the user running the installer. Lumiverse's pipeline performs the dependency install step before its custom validator assertSafeBackendBundle inspects the produced dist files, and it omits the --ignore-scripts flag that would suppress lifecycle execution. This is a textbook CWE-78 (OS Command Injection) primitive via a trusted build toolchain: the static analyzer never gets a chance to run because arbitrary shell payloads execute earlier in the dependency resolution phase. Per the supplied CPE cpe:2.3:a:prolix-oc:lumiverse:*:*:*:*:*:*:*:*, all versions of prolix-oc/Lumiverse up to the fix are in scope.

RemediationAI

Vendor-released patch: upgrade to Lumiverse 0.9.7 or later, where the Spindle pipeline invokes bun install with --ignore-scripts and runs assertSafeBackendBundle before any script execution path is reachable; see https://github.com/prolix-oc/Lumiverse/security/advisories/GHSA-8x98-3wjp-pmj9. If immediate upgrade is not feasible, administrators should disable the Spindle extension installation feature entirely (preventing legitimate extension installs as a side effect), restrict administrative access to the extension-install endpoint to a trusted operator on an isolated network segment, and only side-load extensions whose package.json has been manually audited for preinstall, postinstall, and prepare entries before invoking install. As an additional containment measure, run the Lumiverse process under a dedicated low-privilege OS account with no write access to system directories so that any residual lifecycle script execution is bounded; this does not eliminate the vulnerability but reduces blast radius.

Share

EUVD-2026-31981 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy