CVE-2024-2029
Published: 10 April 2024
Summary
CVE-2024-2029 is a critical-severity OS Command Injection (CWE-78) vulnerability in Mudler Localai. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 17.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: Exfiltration via AI Inference API (AML.T0024), External Harms (AML.T0048), AI Supply Chain Compromise (AML.T0010).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-1328
Vulnerability details
A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing them…
more
to ffmpeg via a shell command, allowing an attacker to execute arbitrary commands on the host system. Successful exploitation could lead to unauthorized access, data breaches, or other detrimental impacts, depending on the privileges of the process executing the code.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- LocalAI is an open-source platform for local inference of AI models, including support for transcription via endpoints like TranscriptEndpoint, making it an AI platform affected by this vulnerability.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The command injection vulnerability enables arbitrary shell command execution (T1059) through unsanitized user-supplied filenames passed to ffmpeg in a public-facing API endpoint (T1190).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.