CVE-2026-5003: Information Disclosure in PromtEngineer localGPT
A vulnerability was found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. This affects the function handle_index of the file rag_system/api_server.py of the component Web Interface. Performing a manipulation results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
This vulnerability in PromtEngineer localGPT up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054 affects the handle_index function within the rag_system/api_server.py file of the Web Interface component. Remote attackers can exploit this flaw to cause information disclosure. The vulnerability requires no privileges, no user interaction, and has low complexity. The product is delivered via a rolling release, and no specific patched versions have been identified. The vendor was contacted but did not provide any response or remediation guidance. The CVSS 4.0 vector indicates network attack vector, no privileges required, no user interaction, and partial confidentiality impact.
Potential Impact
Successful exploitation of this vulnerability can lead to unauthorized disclosure of information from the affected system. There is no indication of integrity or availability impact. The vulnerability can be exploited remotely without authentication or user interaction. The exploit has been publicly disclosed, but no known exploits in the wild have been reported. The medium severity score reflects the potential for sensitive information leakage.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no official fix is available, users should monitor for updates from PromtEngineer. Until a fix is released, consider restricting network access to the affected Web Interface component to trusted users only to reduce exposure.
CVE-2026-5003: Information Disclosure in PromtEngineer localGPT
Description
A vulnerability was found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. This affects the function handle_index of the file rag_system/api_server.py of the component Web Interface. Performing a manipulation results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in PromtEngineer localGPT up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054 affects the handle_index function within the rag_system/api_server.py file of the Web Interface component. Remote attackers can exploit this flaw to cause information disclosure. The vulnerability requires no privileges, no user interaction, and has low complexity. The product is delivered via a rolling release, and no specific patched versions have been identified. The vendor was contacted but did not provide any response or remediation guidance. The CVSS 4.0 vector indicates network attack vector, no privileges required, no user interaction, and partial confidentiality impact.
Potential Impact
Successful exploitation of this vulnerability can lead to unauthorized disclosure of information from the affected system. There is no indication of integrity or availability impact. The vulnerability can be exploited remotely without authentication or user interaction. The exploit has been publicly disclosed, but no known exploits in the wild have been reported. The medium severity score reflects the potential for sensitive information leakage.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no official fix is available, users should monitor for updates from PromtEngineer. Until a fix is released, consider restricting network access to the affected Web Interface component to trusted users only to reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-03-27T13:48:30.630Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69c811842b68dbd88ea326aa
Added to database: 3/28/2026, 5:36:04 PM
Last enriched: 4/5/2026, 10:49:39 AM
Last updated: 5/12/2026, 2:24:51 PM
Views: 85
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.