| Titre | PromtEngineer localGPT Latest (commit 4d41c7d) Missing Authentication and Authorization |
|---|
| Description | A complete lack of authentication and authorization mechanisms in localGPT allows any unauthenticated user to create, read, modify, and delete all sessions and messages without any credentials. An attacker can access sensitive conversation history containing confidential information such as database credentials, API keys, customer data, and proprietary business information. This vulnerability affects all API endpoints and represents a critical security failure that exposes all data stored in the system. |
|---|
| La source | ⚠️ https://github.com/August829/CVEP/issues/8 |
|---|
| Utilisateur | Yu_Bao (UID 89348) |
|---|
| Soumission | 12/03/2026 03:44 (il y a 17 jours) |
|---|
| Modérer | 27/03/2026 14:49 (15 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 353887 [PromtEngineer localGPT API Endpoint backend/server.py LocalGPTHandler BaseHTTPRequestHandler authentification faible] |
|---|
| Points | 20 |
|---|