Gửi #779148: PromtEngineer localGPT Latest (commit: 4d41c7d) Arbitrary File Readthông tin

tiêu đềPromtEngineer localGPT Latest (commit: 4d41c7d) Arbitrary File Read
Mô tảA critical vulnerability chain exists in localGPT's RAG (Retrieval-Augmented Generation) system that allows any unauthenticated attacker to read arbitrary files from the server and extract their complete contents through the web interface. The vulnerability combines two separate flaws: By chaining these vulnerabilities, an attacker can: Read sensitive configuration files containing passwords, API keys, and database credentials Extract user data and system information Access AWS credentials, SSH keys, and other secrets Perform all actions without any authentication This is a zero-click, pre-authentication remote code execution equivalent that leads to complete system compromise.
Nguồn⚠️ https://github.com/August829/CVEP/issues/10
Người dùng
 Yu_Bao (UID 89348)
Đệ trình13/03/2026 03:53 (cách đây 4 các tháng)
Kiểm duyệt27/03/2026 14:49 (14 days later)
Trạng tháiđược chấp nhận
Mục VulDB353890 [PromtEngineer localGPT đến 4d41c7d1713b16b216d8e062e51a5dd88b20b054 Web Interface rag_system/api_server.py handle_index tiết lộ thông tin]
điểm20

Do you need the next level of professionalism?

Upgrade your account now!