yued-fe LuLu UI run.js child_process.exec os command injection_CVE-2026-2544

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-2544

Source VulDB

Published Feb 16, 2026 at 07:32

Affected Product

Vendor yued-fe

Product LuLu UI

Version 3.0

Affected Versions yued-fe LuLu UI 3.0

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-02-16T07:32:06.183Z",
    "modified": "2026-02-16T07:32:06.183Z",
    "type": "cve",
    "title": "yued-fe LuLu UI run.js child_process.exec os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346153\nhttps://vuldb.com/?ctiid.346153\nhttps://vuldb.com/?submit.749722\nhttps://github.com/lakshayyverma/CVE-Discovery/blob/main/lulu.md",
    "id": "CVE-2026-2544",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "yued-fe LuLu UI 3.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LuLu UI",
    "version": "3.0",
    "vendor": "yued-fe",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}