PT-2026-8318 · Yued Fe · Lulu Ui

Lakshay12311

Publicado

2026-02-16

Atualizado

2026-02-21

CVE-2026-2544

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions yued-fe LuLu UI versions up to 3.0.0

Description A security flaw exists in yued-fe LuLu UI, specifically in the child process.exec function within the run.js file. This allows for operating system command injection, and the attack can be initiated remotely. The vendor was contacted regarding this issue but did not provide a response.

Recommendations Versions prior to 3.0.1 should be updated. Consider temporarily restricting or disabling the use of the child process.exec function in the run.js file until a patch is available.

Exploit

Correção

OS Command Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-77

Identificadores relacionados

CVE-2026-2544

Produtos afetados

Lulu Ui

PT-2026-8318 · Yued Fe · Lulu Ui

CVE-2026-2544

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10