CVE-2026-44451
Received - Intake
DOM XSS in Lumiverse via Theme Pack Override

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: GitHub, Inc.

Description
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator (validateComponentOverrideSource) additionally blocks these identifiers by word-boundary regex. Both controls are bypassed.

  • String-split bypass of the static validator: any blocked identifier can be reconstructed at runtime from string fragments ('ownerDoc' + 'ument').
  • DOM ref escape from the sandbox: useRef and useEffect are provided in scope. A ref attached to a rendered element gives a live DOM node. From any real DOM node, node['ownerDoc'+'ument']['def'+'aultView'] yields the real window, bypassing all identifier shadows.

Theme packs (.lumitheme / .lumiverse-theme) are the shareable delivery mechanism. A malicious pack is an exploit path: the victim imports the file, enables one component override in the Theme Editor, and the payload fires in their authenticated session. This vulnerability is fixed in 0.9.7.
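The denylist gap described above, as an added example that is not Lumiverse's code: a hypothetical word-boundary validator passes the string-split expression quoted in the description, while a structural review check flags it. The blocklist contents, the regex heuristics, and the names denylistValidator, auditOverrideSource, BENIGN and SUSPECT are assumptions made for illustration.

```javascript
// HYPOTHETICAL stand-in for a word-boundary denylist validator;
// this is not Lumiverse's validateComponentOverrideSource.
const BLOCKED = ['fetch', 'window', 'eval', 'document', 'ownerDocument', 'defaultView'];

function denylistValidator(source) {
  // Returns the blocked identifiers that appear as whole words in the source.
  return BLOCKED.filter((id) => new RegExp(`\\b${id}\\b`).test(source));
}

// Structural signals for reviewing an override before it is enabled.
// Heuristic regexes (assumption): an AST-based check would be more robust.
const SIGNALS = [
  // obj[expr] where expr is anything other than a plain numeric index
  ['computed-member-access', /[\w$)\]]\[(?!\s*\d+\s*\])[^\]]+\]/],
  // a bracket key that starts with a string literal followed by "+"
  ['string-concatenation-as-key', /\[\s*(['"`])[^'"`]*\1\s*\+/],
  // a ref attached to a rendered element, which exposes a live DOM node
  ['dom-ref-attached', /\bref\s*=\s*\{/],
];

function auditOverrideSource(source) {
  // Returns the name of every structural signal found in the source.
  return SIGNALS.filter(([, re]) => re.test(source)).map(([name]) => name);
}

// Constructed samples. SUSPECT reuses only the expression quoted in the description.
const BENIGN = `
export default function Card({ title }) {
  const [open, setOpen] = useState(false);
  return <div className="card" onClick={() => setOpen(!open)}>{title}</div>;
}`;

const SUSPECT = `
export default function Card() {
  const r = useRef(null);
  useEffect(() => { const w = r.current['ownerDoc'+'ument']['def'+'aultView']; }, []);
  return <div ref={r} />;
}`;

function report(source) {
  return { denylistHits: denylistValidator(source), signals: auditOverrideSource(source) };
}

console.log('benign :', report(BENIGN));
console.log('suspect:', report(SUSPECT));
```

The signals are prompts for reviewing overrides inside a theme pack, not a security boundary; the fix remains upgrading to 0.9.7.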
Meta Information
Published: 2026-05-26
Last Modified: 2026-05-26
Generated: 2026-05-27
AI Q&A: 2026-05-27
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
lumiverse | lumiverse | to 0.9.7 (exc)
CWE ID | Description
CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects Lumiverse, an AI chat application, prior to version 0.9.7. The issue lies in the component override system, which transpiles user-supplied TSX code and evaluates it in a sandboxed environment that attempts to block dangerous globals like fetch, window, and eval by shadowing them with undefined and using a static source validator to block these identifiers.

However, both protections can be bypassed. Attackers can reconstruct blocked identifiers at runtime by splitting strings (e.g., 'ownerDoc' + 'ument'), bypassing the static validator. Additionally, the sandbox can be escaped by using React hooks like useRef and useEffect to obtain a live DOM node reference, from which the real window object can be accessed, bypassing all shadows.

Malicious theme packs (.lumitheme or .lumiverse-theme) serve as the exploit vector. When a victim imports such a pack and enables a component override in the Theme Editor, the malicious payload executes in their authenticated session. This vulnerability was fixed in version 0.9.7.


How can this vulnerability impact me?

This vulnerability can have severe impacts because it allows an attacker to execute arbitrary code within the context of an authenticated user's session in Lumiverse.

  • Complete compromise of user session and data confidentiality.
  • Potential unauthorized access to sensitive information accessible through the application.
  • Execution of malicious code that could manipulate or steal data, or perform actions on behalf of the user.
  • Since the exploit uses theme packs, it can be delivered via social engineering or malicious content sharing.

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade Lumiverse to version 0.9.7 or later, where the issue is fixed.

Avoid importing or enabling untrusted theme packs (.lumitheme or .lumiverse-theme) that could contain malicious component overrides.

