CVE-2024-5181
Published: 26 June 2024
Summary
CVE-2024-5181 is a critical-severity OS Command Injection (CWE-78) vulnerability in Mudler Localai. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 22.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models; in the Supply Chain and Deployment risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-46427
Vulnerability details
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this…
more
vulnerability by manipulating the path of the vulnerable binary file specified in the backend parameter, allowing the execution of arbitrary code on the system. This issue is due to improper neutralization of special elements used in an OS command, leading to potential full control over the affected system.
- CWE(s)
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- LocalAI is a self-hosted, OpenAI-compatible API platform for running large language models (LLMs) and other AI models locally, directly fitting the 'APIs and Models' category as it provides inference APIs for AI models.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a command injection vulnerability (T1059) via the attacker-controlled 'backend' parameter in LocalAI's configuration, enabling arbitrary OS command execution. As LocalAI is a public-facing REST API service, this facilitates exploitation of a public-facing application (T1190) for remote code execution.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.