CVE-2026-44444— Lumiverse: Spindle extension install runs untrusted lifecycle scripts before security scan
Possible ATT&CK Techniques 3AI
T1195 · Supply Chain Compromise T1059 · Command and Scripting Interpreter T1068 · Exploitation for Privilege EscalationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44444
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Lumiverse: Spindle extension install runs untrusted lifecycle scripts before security scan
Source: NVD (National Vulnerability Database)
Vulnerability Description
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety scan (assertSafeBackendBundle). A malicious extension that ships a package.json with a preinstall, postinstall, or prepare lifecycle script achieves host-level code execution the moment an admin presses Install before any dist file is inspected. This vulnerability is fixed in 0.9.7.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Lumiverse 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Lumiverse是Prolix OCs个人开发者的一个全功能AI聊天应用套件。 Lumiverse 0.9.7之前版本存在操作系统命令注入漏洞,该漏洞源于Spindle扩展构建管道在运行静态后端安全扫描前调用bun install时未使用--ignore-scripts标志,恶意扩展通过package.json中的preinstall、postinstall或prepare生命周期脚本可在管理员按下安装时实现主机级代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-44444
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44444
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-44444 (1)
Same Patch Batch · prolix-oc · 2026-05-26 · 5 CVEs total
| CVE-2026-44450 | 9.9 CRITICAL | Lumiverse: RCE via MCP stdio argument injection |
| CVE-2026-44451 | 9.3 CRITICAL | Lumiverse: TSX component sandbox escape via DOM ref and string-split identifier bypass |
| CVE-2026-44449 | 9.1 CRITICAL | Lumiverse: SMB `exists()` basename injection via smbclient `!cmd` escape |
| CVE-2026-44443 | 4.8 MEDIUM | Lumiverse: Sign-up nonce race condition allows unauthorized account registration |
IV. Related Vulnerabilities
Same product: Lumiverse
Same vendor: prolix-oc
Same weakness: CWE-78
- CVE-2026-47294
Microsoft SharePoint Server Remote Code Execution Vulnerabil - CVE-2026-10279
hiraishikentaro wezterm-mcp switch_pane/write_to_specific_pa - CVE-2026-10273
php-censor Webhook Endpoint GitBuild.php os command injectio - CVE-2026-10219
nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge - CVE-2026-10214
zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_war
V. Comments for CVE-2026-44444
No comments yet