Mudler Localai
11 CVEs affecting Mudler Localai. Latest disclosed: 2025-03-20. Critical: 4, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-6868 | Critical | 9.8 | 2024-10-29 | mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify addit… |
| CVE-2024-5181 | Critical | 9.8 | 2024-06-26 | A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend paramete… |
| CVE-2024-2029 | Critical | 9.8 | 2024-04-10 | A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio… |
| CVE-2024-5182 | Critical | 9.1 | 2024-06-20 | A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process t… |
| CVE-2024-6983 | High | 8.8 | 2024-09-27 | mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the co… |
| CVE-2024-3135 | Medium | 6.5 | 2024-04-01 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited b… |
| CVE-2024-9900 | Medium | 6.1 | 2025-03-20 | mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper saniti… |
| CVE-2024-48057 | Medium | 6.1 | 2024-11-04 | localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time s… |
| CVE-2024-7010 | Medium | 5.9 | 2024-10-29 | mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing… |
| CVE-2024-6095 | Medium | 5.8 | 2024-07-06 | A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion… |
| CVE-2024-5616 | Medium | 4.3 | 2024-07-06 | A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into de… |