Critical severity 9.1 · OSV Advisory · Published Mar 20, 2025 · Updated Apr 15, 2026
CVE-2024-11042
Description
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite databases, and configuration files. This can impact the integrity and availability of applications relying on these files.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| InvokeAI (PyPI) | < 5.3.0rc1 | 5.3.0rc1 |