← back
CVE-2026-2544

yued-fe LuLu UI run.js child_process.exec os command injection

CVSS 6.9 MEDIUMEPSS 2.0%CWE-77CWE-78
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Affected products
yued-fe · LuLu UI

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/lakshayyverma/CVE-Discovery/blob/main/lulu.mdhttps://vuldb.com/?ctiid.346153https://vuldb.com/?id.346153https://vuldb.com/?submit.749722