LOW
aandrew-me
CVE published 2026-05-09
CVE-2026-8210
CVE-2026-8210 is a local command-injection vulnerability affecting aandrew-me tgpt up to version 2.11.1 on Linux/macOS. The issue is described as residing in helper.Update in helper.go within the update handler component. NVD lists the issue with a low CVSS 4.0 vector and local access prerequisites, but the source description also notes that exploit code has been publicly disclosed. That makes this a lowe [truncated]