Prolix-oc Lumiverse
5 CVEs affecting Prolix-oc Lumiverse. Latest disclosed: 2026-05-26. Critical: 4, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44450 | Critical | 9.9 | 2026-05-26 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary n… |
CVE-2026-44451 | Critical | 9.3 | 2026-05-26 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with… |
CVE-2026-44449 | Critical | 9.1 | 2026-05-26 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename… |
CVE-2026-44444 | Critical | 9.1 | 2026-05-26 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag befo… |
CVE-2026-44443 | Medium | 4.8 | 2026-05-26 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce() only checks that the module-level variable is set and unexpired. It does not v… |