Cyber Resilience

CVE-2024-3126

HighPublic PoC

Published: 16 May 2024

Published
16 May 2024
Modified
09 July 2025
KEV Added
Patch
CVSS Score v3 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0202 84.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-3126 is a high-severity OS Command Injection (CWE-78) vulnerability in Lollms Lollms Web Ui. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 15.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: AI Model Inference API Access (AML.T0040), Craft Adversarial Data (AML.T0043), Establish Accounts (AML.T0021).

EU & UK References

Vulnerability details

A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utilizes 'subprocess.Popen' to…

more

execute a command constructed with a Python f-string, without adequately sanitizing the 'xtts_base_url' input. This flaw allows attackers to execute arbitrary commands remotely by manipulating the 'xtts_base_url' parameter. The vulnerability affects versions up to and including the latest version before 9.5. Successful exploitation could lead to arbitrary remote code execution (RCE) on the system where the application is deployed.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
The vulnerability is in parisneo/lollms-webui, an open-source web UI platform for running large language models (LLMs) and multimodal models like XTTS (text-to-speech), fitting 'Other Platforms' as a hosting/running platform for AI models.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The command injection vulnerability in the web application's API server enables remote code execution (RCE) by abusing the OS command interpreter (T1059) and exploits a public-facing application (T1190).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0040: AI Model Inference API AccessAML.T0043: Craft Adversarial DataAML.T0021: Establish AccountsAML.T0022AML.T0024: Exfiltration via AI Inference APIAML.T0048: External Harms

Affected Assets

lollms
lollms web ui
≤ 9.5

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References