CVE-2026-44450
Lumiverse · AI chat application
A vulnerability in the Lumiverse AI chat application allows authenticated users to achieve arbitrary OS-level code execution via the MCP server creation endpoint.
Executive summary
A critical command injection vulnerability in Lumiverse allows authenticated users to execute arbitrary commands on the underlying host server.
Vulnerability
The MCP server creation endpoint accepts a command and an args array and hands them to a child process without validating the args. An attacker can therefore supply interpreter options that execute a string argument as code (the -e or -c style flags that scripting interpreters provide), which turns an otherwise permitted command into an arbitrary code runner. The attacker must be logged in, but the flaw bypasses the restrictions meant to confine what the endpoint may launch and yields OS-level code execution with the privileges of the application process.
Business impact
With a CVSS score of 9.9 (Critical), this vulnerability poses a severe risk to the server infrastructure. An attacker with only a standard user account gains command execution on the host with the privileges of the application process, which amounts to full control over the Lumiverse server and a foothold for reaching sensitive data or internal network resources.
Remediation
Immediate Action: Update the Lumiverse AI chat application to version 0.9.7 or later.
Proactive Monitoring: Monitor process-execution logs for child processes spawned by the application's user account, in particular interpreters or shells started with inline-code options (such as -e or -c), scripts launched from outside the directory where MCP servers are expected to live, and binaries the application has no reason to run.
Compensating Controls: Run the application under a dedicated unprivileged account inside a container or sandbox so that code execution, if achieved, is confined to that boundary.
Exploitation status
Public Exploit Available: Not recorded
Analyst recommendation
All users of Lumiverse must upgrade to version 0.9.7 or later immediately. Given how little effort OS-level code execution requires once an attacker holds an account, this update is essential for maintaining the security and integrity of the hosting environment.