CVE-2026-5002

A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function routeusingoverviews of the file backend/server.py of the component LLM Prompt Handler. Such manipulation leads to injection. The attack may be performed fr...

CVE-2026-5001 PromtEngineer localGPT server.py do_POST unrestricted upload

A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function doPOST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publishe...

CVE-2026-5000 PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication

A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpoint. The manipulation of the argument BaseHTTPRequestHandler results in missing authentication. T...

CVE-2026-5000

PromtEngineer localGPT has a missing authentication vulnerability in the API Endpoint’s LocalGPTHandler (backend/server.py). The issue is triggered by manipulation of the BaseHTTPRequestHandler, allowing remote access and potential unauthorized control. This affects versions prior to 4d41c7d1713b...