CVE 9.3 CRITICAL

Lumiverse: TSX component sandbox escape via DOM ref and string-split identifier bypass_CVE-2026-44451

May 26, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Description

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator (validateComponentOverrideSource) additionally blocks these identifiers by word-boundary regex. Both controls are bypassed. String-split bypass of the static validator: any blocked identifier can be reconstructed at runtime from string fragments ('ownerDoc' + 'ument'). DOM ref escape from the sandbox: useRef and useEffect are provided in scope. A ref attached to a rendered element gives a live DOM node. From any real DOM node, node['ownerDoc'+'ument']['def'+'aultView'] yields the real window, bypassing all identifier shadows. Theme packs (.lumitheme / .lumiverse-theme) are the shareable delivery mechanism. A malicious pack is an exploit path: the victim imports the file, enables one component override in the Theme Editor, and the payload fires in their authenticated session.This vulnerability is fixed in 0.9.7.

AI Analysis

TSX component sandbox escape via DOM ref and string-split identifier bypass

Basic Information

ID CVE-2026-44451

Source GitHub_M

Published May 26, 2026 at 19:58

Affected Product

Vendor prolix-oc

Product Lumiverse

Version < 0.9.7

Affected Versions prolix-oc Lumiverse < 0.9.7

CWE Classification

CWE-693

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor prolix-oc

Product Lumiverse

Version < 0.9.7

References

github.com /prolix-oc/Lumiverse/security/advisories/GHSA-rgp6-55rw-5xf4

{
    "lastseen": "",
    "description": "Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator (validateComponentOverrideSource) additionally blocks these identifiers by word-boundary regex. Both controls are bypassed. String-split bypass of the static validator: any blocked identifier can be reconstructed at runtime from string fragments ('ownerDoc' + 'ument'). DOM ref escape from the sandbox: useRef and useEffect are provided in scope. A ref attached to a rendered element gives a live DOM node. From any real DOM node, node['ownerDoc'+'ument']['def'+'aultView'] yields the real window, bypassing all identifier shadows. Theme packs (.lumitheme / .lumiverse-theme) are the shareable delivery mechanism. A malicious pack is an exploit path: the victim imports the file, enables one component override in the Theme Editor, and the payload fires in their authenticated session.This vulnerability is fixed in 0.9.7.",
    "published": "2026-05-26T19:58:37.036Z",
    "modified": "2026-05-26T19:58:37.036Z",
    "type": "cve",
    "title": "Lumiverse: TSX component sandbox escape via DOM ref and string-split identifier bypass",
    "source": "GitHub_M",
    "references": "https://github.com/prolix-oc/Lumiverse/security/advisories/GHSA-rgp6-55rw-5xf4",
    "id": "CVE-2026-44451",
    "bulletinFamily": "",
    "cwe": [
        "CWE-693"
    ],
    "cvelist": null,
    "sourceData": "prolix-oc Lumiverse < 0.9.7",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Lumiverse",
    "version": "< 0.9.7",
    "vendor": "prolix-oc",
    "ai_description": "TSX component sandbox escape via DOM ref and string-split identifier bypass",
    "ai_severity": "Critical",
    "ai_vendor": "prolix-oc",
    "ai_product": "Lumiverse",
    "ai_version": "< 0.9.7",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply