CVE-2026-44449
Description
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script without validation. smbclient interprets ; as a subcommand separator and !cmd as a local-shell escape that runs cmd on the host. A path whose directory component is clean but whose basename contains "; !; echo " achieves arbitrary command execution on the Lumiverse server. This vulnerability is fixed in 0.9.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In Lumiverse <0.9.7, SMBFileSystem.exists() falls back to an unvalidated basename concatenation, allowing command injection via smbclient's !cmd escape.
Vulnerability
The SMBFileSystem.exists() method in Lumiverse prior to version 0.9.7 validates paths using toSmbPath(), which rejects shell metacharacters like ", ;, and !. However, when toSmbPath(fullPath) throws, the method falls back to splitting the path into directory and basename via posix.dirname and posix.basename, and only validates the directory component. The basename is concatenated directly into the smbclient -c script without sanitization. [1]
Exploitation
An attacker needs to provide a path whose directory part is clean but whose basename contains a payload such as "; !; echo ". The smbclient utility interprets ; as a subcommand separator and !cmd as a local-shell escape. This allows arbitrary command execution on the server. No authentication is required if the application exposes the path endpoint to unauthenticated users, but typically some user interaction is needed to trigger the exists() call. [1]
Impact
Successful exploitation allows an attacker to execute arbitrary commands on the Lumiverse server, leading to full system compromise, data exfiltration, or lateral movement. The attacker gains the same privileges as the Lumiverse process. [1]
Mitigation
The vulnerability is fixed in Lumiverse version 0.9.7. Users are advised to upgrade immediately. There are no known workarounds. If unable to upgrade, restrict access to the affected functionality. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- (no CPE) range: <0.9.7
- (no CPE) range: <0.9.7
Package: https://npmjs.com/package/lumiverse
Patches (0)
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input validation on the basename in the fallback path of SMBFileSystem.exists() allows shell metacharacter injection into the smbclient command."
Attack vector
An attacker with Owner or Admin role sends a POST request to `/api/v1/st-migration/test-connection` (or `/validate`, `/scan`) with an SMB connection config and a crafted `path` value [ref_id=1]. The path's directory component must be clean (e.g., `/validdir`) so `toSmbPath(dir)` succeeds, while the basename contains shell metacharacters such as `"; !touch /tmp/poc; echo "` [ref_id=1]. Because `smbclient` interprets `;` as a subcommand separator and `!cmd` as a local-shell escape, the injected command executes on the Lumiverse server host [ref_id=1].
Affected code
The vulnerability resides in the `exists()` method of `SMBFileSystem`. When `toSmbPath(fullPath)` throws (due to shell metacharacters), the fallback path uses `posix.dirname(path)` and `posix.basename(path)` — only the directory is validated via `toSmbPath()`, while the basename is concatenated directly into the `smbclient -c` script without any sanitization [ref_id=1].
What the fix does
The advisory states the fix is in Lumiverse version 0.9.7 [ref_id=1]. No patch diff is included in the bundle, but the remediation logically requires validating the basename component (or the entire fallback path) through `toSmbPath()` before it is interpolated into the `smbclient` command, or escaping shell metacharacters in the basename before concatenation [ref_id=1].
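The fallback flaw and the remediation described above, reduced to a script builder. This is an added example, not Lumiverse's code (the page includes no patch diff). Every function body here is an assumption: only the names `toSmbPath` and `exists()`, the rejected characters `"`, `;`, `!`, and the resulting command string come from the page.

```javascript
// Added illustration; not taken from the Lumiverse code base.
// Path value quoted in this page's Reproduction section.
const CRAFTED = '/validdir/readme"; !touch lumiverse_smb_poc; echo "';

// The page says toSmbPath() rejects ", ; and !. CR/LF are added here as an assumption.
const FORBIDDEN = /[";!\r\n]/;

function toSmbPath(p) {
  if (FORBIDDEN.test(p)) throw new Error('illegal character in SMB path');
  return p.replace(/^\/+/, ''); // share-relative: drop leading slashes
}

// Dependency-free stand-in for posix.dirname / posix.basename.
function splitPath(p) {
  const i = p.lastIndexOf('/');
  return { dir: p.slice(0, i) || '/', base: p.slice(i + 1) };
}

// Vulnerable pattern: the fallback validates only the directory component.
function buildExistsScriptVulnerable(fullPath) {
  try {
    return `ls "${toSmbPath(fullPath)}"`;
  } catch {
    const { dir, base } = splitPath(fullPath);
    // base reaches the smbclient -c script unchecked, so a quote closes
    // the ls argument and ';' starts a new smbclient subcommand.
    return `cd "${toSmbPath(dir)}"; ls "${base}"`;
  }
}

// Hardened pattern: every component interpolated into the script passes
// through the validator, and a rejection propagates (fail closed).
function buildExistsScriptHardened(fullPath) {
  const { dir, base } = splitPath(fullPath);
  return `cd "${toSmbPath(dir)}"; ls "${toSmbPath(base)}"`;
}

// True when the builder refuses the path instead of emitting a script.
function rejects(builder, path) {
  try { builder(path); return false; } catch { return true; }
}
```

With the crafted path, the vulnerable builder reproduces the command string shown in the Reproduction section, while the hardened builder throws before any script is assembled.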
Preconditions
- auth: Attacker must hold Owner or Admin role on the Lumiverse server
- network: Attacker must have network access to the Lumiverse API endpoint (e.g., POST /api/v1/st-migration/test-connection)
- input: The injected command must not contain '/' to avoid shifting the posix.dirname boundary
Reproduction
POST /api/v1/st-migration/test-connection with Cookie: better-auth.session_token=<owner or admin session> and JSON body: {"connection": {"type": "smb", "host": "<smb_host>", "share": "<share_name>", "username": "<user>", "password": "<pass>"}, "path": "/validdir/readme\"; !touch lumiverse_smb_poc; echo \""} [ref_id=1]. The resulting smbclient command becomes `cd "validdir"; ls "readme"; !touch lumiverse_smb_poc; echo ""`, causing `!touch lumiverse_smb_poc` to execute on the host [ref_id=1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (1)
News mentions (0)
No linked articles in our index yet.