Cyber Resilience

CVE-2024-2029

CriticalPublic PoCRCE

Published: 10 April 2024

Published
10 April 2024
Modified
15 July 2025
KEV Added
Patch
CVSS Score v3 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0176 83.0th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-2029 is a critical-severity OS Command Injection (CWE-78) vulnerability in Mudler Localai. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 17.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: Exfiltration via AI Inference API (AML.T0024), External Harms (AML.T0048), AI Supply Chain Compromise (AML.T0010).

EU & UK References

Vulnerability details

A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing them…

more

to ffmpeg via a shell command, allowing an attacker to execute arbitrary commands on the host system. Successful exploitation could lead to unauthorized access, data breaches, or other detrimental impacts, depending on the privileges of the process executing the code.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
LocalAI is an open-source platform for local inference of AI models, including support for transcription via endpoints like TranscriptEndpoint, making it an AI platform affected by this vulnerability.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The command injection vulnerability enables arbitrary shell command execution (T1059) through unsanitized user-supplied filenames passed to ffmpeg in a public-facing API endpoint (T1190).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0024: Exfiltration via AI Inference APIAML.T0048: External HarmsAML.T0010: AI Supply Chain Compromise

Affected Assets

mudler
localai
≤ 2.10.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References