NVD HIGH: CVE-2026-5002 — A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b21...

Saturday, March 28, 2026 at 05:16 PM UTC·Source: NIST NVD

Updated: Friday, April 3, 2026 at 01:53 PM UTC

Executive Summary

Analysis

A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function _route_using_overviews of the file backend/server.py of the component LLM Prompt Handler. Such manipulation leads to injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way. CVSS Score: 7.3. Published: 2026-03-28T17:16:45.450.

Indicators of Compromise (2)

SHA-1 (1)

4d41c7d1713b16b216d8e062e51a5dd88b20b054

VirusTotal AnyRun Joe Sandbox

CVE (1)

CVE-2026-5002

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on Mar 28, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Inconsistent Privacy Labels Don't Tell Users What They Are Getting

Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough.

3h agoDark Reading

MEDIUMVulnerability

LinkedIn secretely scans for 6,000+ Chrome extensions, collects data

A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. [...]

4h agoBleepingComputer

MEDIUMVulnerability

FCC proposes $4.5 million fine for voice service provider hosting ‘suspicious’ foreign call traffic

Voxbeam’s actions allegedly led to “financial impersonation robocalls” that were made to American consumers “ using “non-compliant and long dormant accounts,” the FCC said.

4h agoThe Record