PatchSiren cyber security CVE debrief
CVE-2026-44449 prolix-oc CVE debrief
A critical command injection vulnerability exists in Lumiverse, a full-featured AI chat application, affecting versions prior to 0.9.7. The flaw resides in SMB path handling logic where a fallback code path fails to sanitize the basename component of file paths. When the primary `toSmbPath(fullPath)` call throws an exception, the application splits the path into directory and basename components, validates only the directory prefix, then directly concatenates the basename into an `smbclient -c` script. The `smbclient` utility interprets semicolons (`;`) as subcommand separators and `!cmd` syntax as local-shell escape sequences that execute commands on the host system. An attacker with high privileges can achieve arbitrary command execution by providing a path whose directory component passes validation while the basename contains a crafted payload such as `; !<cmd>; echo `. This vulnerability is classified under CWE-88 (Improper Neutralization of Argument Delimiters in a Command) and carries a CVSS 3.1 score of 9.1 (Critical), with network attack vector, low attack complexity, high privileges required, no user interaction, and changed scope with high impacts to confidentiality, integrity, and availability. The vulnerability was disclosed on May 26, 2026, and is remediated in Lumiverse version 0.9.7.
- Vendor: prolix-oc
- Product: Lumiverse
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-26
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-26
- Advisory updated: 2026-05-27
Who should care
Organizations running the Lumiverse AI chat application at versions prior to 0.9.7; security teams managing AI/ML infrastructure; developers of applications that invoke smbclient through a shell; incident response teams monitoring for command injection indicators
Technical summary
The vulnerability stems from incomplete input validation in a fallback error handling path. When `toSmbPath(fullPath)` throws, the application decomposes the path using dirname/basename operations, validates only the directory component against traversal patterns, then unsafely interpolates the basename into a shell command string for `smbclient -c`. The smbclient utility's command language treats `;` as a statement separator and `!` as a local execution escape, enabling injection of arbitrary host commands. The attack requires high privileges (PR:H) but is exploitable over the network with low complexity, yielding complete system compromise under changed scope (S:C).
Defensive priority
critical
Recommended defensive actions
- Upgrade Lumiverse to version 0.9.7 or later to remediate this vulnerability
- Review and audit all code paths that construct shell commands, especially fallback error handling routines
- Implement strict input validation and sanitization for all path components, not just directory prefixes
- Consider using parameterized command APIs or structured SMB libraries instead of shelling out to smbclient
- Apply principle of least privilege to Lumiverse service accounts to limit impact of potential command injection
- Monitor for anomalous smbclient process executions and unexpected shell activity on Lumiverse servers
- Conduct security review of similar path-handling patterns in related application components
Evidence notes
Vulnerability description confirms command injection via smbclient -c script construction with unsanitized basename concatenation. CVSS vector AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H supports critical severity rating. CWE-88 classification aligns with argument delimiter injection pattern. Fix version 0.9.7 confirmed in advisory.
Official resources
- CVE-2026-44449 CVE record (CVE.org)
- CVE-2026-44449 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 2026-05-26