CVE-2026-2544

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

EUVD-2026-6119

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

Command Injection

Overview lu2 is a Simple and flexible UI component library based on native HTML and JavaScript Affected versions of this package are vulnerable to Command Injection due to the use of childprocess.exec function in run.js. An attacker can execute arbitrary operating system commands by supplying...

CVE-2026-2544

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

CVE-2026-2544

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

CVE-2026-2544

CVE-2026-2544 affects yued-fe LuLu UI up to version 3.0.0. The vulnerability lies in the run.js file’s use of child_process.exec, enabling os command injection via remote attack. Multiple sources confirm the issue and remote exploitability, with vendor contact noted but no response. CVSS scores i...

CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

LuLu UI 操作系统命令注入漏洞

LuLu UI is a native UI component library developed by yued-fe. Versions of LuLu UI 3.0.0 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the childprocess.exec function in the run.js file, which allowed for command injection via os...

PT-2026-8318

Name of the Vulnerable Software and Affected Versions yued-fe LuLu UI versions up to 3.0.0 Description A security flaw exists in yued-fe LuLu UI, specifically in the child process.exec function within the run.js file. This allows for operating system command injection, and the attack can be...