CVE-2026-2544

Name of the Vulnerable Software and Affected Versions yued-fe LuLu UI versions up to 3.0.0

Description A security flaw exists in yued-fe LuLu UI, specifically in the child process.exec function within the run.js file. This allows for operating system command injection, and the attack can be initiated remotely. The vendor was contacted regarding this issue but did not provide a response.

Recommendations Versions prior to 3.0.1 should be updated. Consider temporarily restricting or disabling the use of the child process.exec function in the run.js file until a patch is available.