PT-2026-28718 · Localgpt · Localgpt
Vuldb +1 · Published 2026-03-28 · Updated 2026-03-29 · CVE-2026-5000
| CVSS v2.0 | 7.5 (High) |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PromtEngineer localGPT versions prior to 4d41c7d1713b16b216d8e062e51a5dd88b20b054
Description
A missing authentication issue exists in the LocalGPTHandler function within the API Endpoint component of the software. The manipulation of the BaseHTTPRequestHandler argument leads to this issue. The attack can be executed remotely. The product implements a rolling release, making specific version information unavailable.
Recommendations
Versions prior to 4d41c7d1713b16b216d8e062e51a5dd88b20b054 require attention. As a temporary workaround, consider restricting access to the affected API Endpoint until a resolution is available.
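One way to apply the temporary workaround to an API built on BaseHTTPRequestHandler, shown as an added example that is neither localGPT's code nor the referenced fix commit: a handler that checks source address and bearer token before any request is served, bound to loopback. The names `LOCAL_API_TOKEN`, `ALLOWED_NETS`, `gate`, `GatedHandler` and port 8000 are assumptions made for this sketch.

```python
import hmac
import ipaddress
import os
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumed names: LOCAL_API_TOKEN, ALLOWED_NETS and port 8000 are placeholders.
API_TOKEN = os.environ.get("LOCAL_API_TOKEN", "")
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]

def gate(client_ip, auth_header, token=API_TOKEN, nets=ALLOWED_NETS):
    """Return 200 to let the request through, 403 for a source address
    outside the allowlist, 401 for a missing or wrong bearer token."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return 403
    if not any(addr in net for net in nets):
        return 403
    scheme, _, presented = (auth_header or "").partition(" ")
    # Fail closed: an unset server token never matches anything.
    if not token or scheme.lower() != "bearer" or not presented.strip():
        return 401
    # Constant-time comparison, on bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(presented.strip().encode(), token.encode()):
        return 401
    return 200

class GatedHandler(BaseHTTPRequestHandler):
    def _reply(self, status, body=b""):
        self.send_response(status)
        if status == 401:
            self.send_header("WWW-Authenticate", "Bearer")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        # The gate runs before any routing, so no path is reachable without it.
        status = gate(self.client_address[0], self.headers.get("Authorization"))
        self._reply(status, b'{"status": "ok"}' if status == 200 else b"")

    do_POST = do_GET  # every verb the API serves goes through the same gate

def make_server(port=8000):
    # Loopback bind: remote clients must come through a proxy you control.
    return ThreadingHTTPServer(("127.0.0.1", port), GatedHandler)

if __name__ == "__main__":
    make_server().serve_forever()
```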
Exploit
Fix
Missing Authentication
Improper Authentication
Related Identifiers
Affected Products
Localgpt