Cyber Resilience

CVE-2026-5002

Medium

Published: 28 March 2026

Modified: 24 April 2026
KEV Added
Patch
CVSS Score v4: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0006 (20.5th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5002 is a medium-severity Injection (CWE-74) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 20.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the LLM/Generative AI Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-5002 is an injection vulnerability affecting PromtEngineer localGPT up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The issue resides in the _route_using_overviews function of the backend/server.py file within the LLM Prompt Handler component. Published on 2026-03-28, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and is associated with CWEs 74 and 707.

The vulnerability is exploitable remotely over the network with low attack complexity, and requires no privileges or user interaction. Successful manipulation enables injection attacks, with low impact to confidentiality, integrity, and availability.

VulDB advisories and a related GitHub issue document the public disclosure of the exploit. The product uses a rolling release model, so no specific affected or patched versions are disclosed. The vendor was notified early but provided no response or mitigation guidance.

EU & UK References

Vulnerability details

A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function _route_using_overviews of the file backend/server.py of the component LLM Prompt Handler. Such manipulation leads to injection. The attack may be performed from remote.…

The exploit has been disclosed to the public and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

AI Security Analysis (AI)

AI Category: LLM Application Platforms
Risk Domain: LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: llm

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote network-accessible injection vulnerability in the LLM prompt handler/server component directly enables exploitation of a public-facing application (T1190) for limited impact injection attacks.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-2954: Shared CWE-707, CWE-74
CVE-2026-9422: Shared CWE-707, CWE-74
CVE-2026-4504: Shared CWE-74
CVE-2024-39604: Shared CWE-74
CVE-2025-20337: Shared CWE-74
CVE-2025-64428: Shared CWE-74
CVE-2026-45344: Shared CWE-74
CVE-2026-25814: Shared CWE-74
CVE-2026-33833: Shared CWE-74
CVE-2026-27727: Shared CWE-74

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mandates validation and sanitization of inputs to the _route_using_overviews function in backend/server.py to block injection manipulations in the LLM Prompt Handler.

prevent

Requires timely identification, reporting, and remediation of the specific injection flaw (CVE-2026-5002) in PromtEngineer localGPT.

detect

Provides continuous vulnerability scanning to identify the injection vulnerability in localGPT up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054.

References