Cyber Resilience

CVE-2026-5001

Medium

Published: 28 March 2026

Modified: 24 April 2026
CVSS v4 Score: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0006 (18.1th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5001 is a medium-severity Improper Access Control (CWE-284) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 18.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-5001 is an unrestricted file upload vulnerability in the PromtEngineer localGPT project, affecting commits up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The flaw resides in the do_POST function in backend/server.py, where manipulation of the request results in unrestricted upload. The issue carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and is associated with CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type). The product follows a rolling release strategy, so no specific affected or patched versions are defined.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, primarily through uploading arbitrary files to the server, which could facilitate further compromise depending on the uploaded content and server configuration.

Advisories from VulDB and a GitHub issue tracker (https://github.com/August829/CVEP/issues/7, https://vuldb.com/?submit/778316, https://vuldb.com/vuln/353888, https://vuldb.com/vuln/353888/cti) confirm the remote exploitability and note that a proof-of-concept has been published and may be actively used. The vendor was notified early but provided no response, and no official patches or mitigations are specified due to the rolling release model. Practitioners should monitor for commits beyond the affected hash and implement network controls to block unauthorized uploads.

Notable context includes the public availability of the exploit, increasing real-world risk, and the software's focus on localGPT, suggesting relevance to local AI/ML deployments for prompt engineering and language model inference.

Vulnerability details

A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function do_POST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1105 Ingress Tool Transfer (Command And Control): Adversaries may transfer tools or other files from an external system into a compromised environment.
Why these techniques?

The unrestricted file upload in the exposed do_POST handler of server.py directly enables remote exploitation of a public-facing application (T1190); arbitrary file placement facilitates web shell deployment (T1505.003) and ingress of attacker tools (T1105).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-1107: Shared CWE-284, CWE-434
CVE-2025-0722: Shared CWE-284, CWE-434
CVE-2025-2687: Shared CWE-284, CWE-434
CVE-2026-4221: Shared CWE-284, CWE-434
CVE-2024-13133: Shared CWE-284, CWE-434
CVE-2026-1424: Shared CWE-284, CWE-434
CVE-2025-0460: Shared CWE-284, CWE-434
CVE-2025-2350: Shared CWE-284, CWE-434
CVE-2025-1166: Shared CWE-284, CWE-434
CVE-2025-2115: Shared CWE-284, CWE-434

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly addresses unrestricted file uploads by requiring validation of inputs to the do_POST function for file type, size, and dangerous content.

Prevent: Enforces access control policies to prevent unauthorized remote file uploads due to improper access control in backend/server.py.

Prevent: Restricts classes of file inputs allowed via the vulnerable endpoint, mitigating CWE-434 unrestricted upload of dangerous types.
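
One way to apply the access-enforcement and input-validation controls above to a Python do_POST upload path, shown as an added example; it is not localGPT's code or an official fix. The function names, bearer-token scheme, size limit and type allowlist are assumptions chosen for illustration.

```python
import hmac
import os
import secrets
from pathlib import Path

# Assumed policy for this sketch (not values from localGPT).
MAX_BYTES = 10 * 1024 * 1024
ALLOWED = {".pdf": b"%PDF-", ".txt": None, ".md": None}  # suffix -> required magic


class UploadRejected(ValueError):
    """An upload failed a policy check; map to a 4xx response."""


def precheck(headers, expected_token: str) -> int:
    """Run before reading the body: caller authorization, then declared size.
    `headers` is anything with .get(), e.g. BaseHTTPRequestHandler.headers."""
    supplied = headers.get("Authorization", "")
    if not hmac.compare_digest(supplied.encode(), f"Bearer {expected_token}".encode()):
        raise UploadRejected("unauthorized")
    try:
        length = int(headers.get("Content-Length", ""))
    except ValueError:
        raise UploadRejected("missing or malformed Content-Length") from None
    if not 0 < length <= MAX_BYTES:
        raise UploadRejected("declared size outside policy")
    return length  # the handler reads exactly this many bytes, no more


def check_content(client_name: str, body: bytes) -> str:
    """Return the allowlisted suffix, or raise if type and content disagree."""
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    suffix = os.path.splitext(base)[1].lower()
    if suffix not in ALLOWED:
        raise UploadRejected(f"file type {suffix or '(none)'} not allowed")
    magic = ALLOWED[suffix]
    if magic is not None and not body.startswith(magic):
        raise UploadRejected("content does not match declared type")
    if magic is None and b"\x00" in body:
        raise UploadRejected("binary data in a text upload")
    return suffix


def store(upload_dir: Path, client_name: str, body: bytes) -> Path:
    """Write under a server-generated name; the client's name never reaches the path."""
    suffix = check_content(client_name, body)
    dest = upload_dir.resolve() / (secrets.token_hex(16) + suffix)
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    return dest
```

The upload directory should sit outside any path the server serves or executes from, so that a stored file is only ever treated as data.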

References