Browse all 4 CVE security advisories affecting PromtEngineer. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PromtEngineer specializes in AI-powered prompt generation and optimization for large language models, enabling automated content creation and interaction systems. Historically, it has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues due to improper input validation and insecure API handling. The tool has accumulated four CVEs, primarily stemming from insufficient sanitization of user-generated prompts and inadequate access controls. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests ongoing challenges in securing prompt processing interfaces and model interactions, requiring robust input sanitization and secure coding practices to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5003 | PromtEngineer localGPT Web api_server.py handle_index information disclosure — localGPT, CWE-200 | 5.3 | Medium | 2026-03-28 |
| CVE-2026-5002 | PromtEngineer localGPT LLM Prompt server.py _route_using_overviews injection — localGPT, CWE-74 | 7.3 | High | 2026-03-28 |
| CVE-2026-5001 | PromtEngineer localGPT server.py do_POST unrestricted upload — localGPT, CWE-434 | 7.3 | High | 2026-03-28 |
| CVE-2026-5000 | PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication — localGPT, CWE-306 | 7.3 | High | 2026-03-28 |
This page lists every published CVE security advisory associated with PromtEngineer. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.