Description
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator (validateComponentOverrideSource) additionally blocks these identifiers by word-boundary regex. Both controls are bypassed. String-split bypass of the static validator: any blocked identifier can be reconstructed at runtime from string fragments ('ownerDoc' + 'ument'). DOM ref escape from the sandbox: useRef and useEffect are provided in scope. A ref attached to a rendered element gives a live DOM node. From any real DOM node, node['ownerDoc'+'ument']['def'+'aultView'] yields the real window, bypassing all identifier shadows. Theme packs (.lumitheme / .lumiverse-theme) are the shareable delivery mechanism. A malicious pack is an exploit path: the victim imports the file, enables one component override in the Theme Editor, and the payload fires in their authenticated session. This vulnerability is fixed in 0.9.7.
Published: 2026-05-26
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Lumiverse’s component override system compiles user‑supplied TSX through Sucrase and executes it with new Function, expecting to block dangerous globals by setting them to undefined and by static validation that rejects certain identifiers. Both measures are bypassed: a string‑split technique reconstructs blocked identifiers at runtime, and a DOM reference escape exposes the real window object via a referenced element’s document property. The result is that malicious code runs in the context of the authenticated user, giving full remote code execution within that session.

Affected Systems

The vulnerability affects the Lumiverse application from the vendor prolix‑oc. Versions earlier than 0.9.7 are affected. The issue is present in the component override system that processes theme packages (files with .lumitheme or .lumiverse‑theme extensions).

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity. EPSS data is not available and the vulnerability is not listed in CISA’s KEV catalog. The attack requires an authenticated user to import an attacker‑supplied theme and enable a component override through the Theme Editor. From there, the payload runs with the privileges of the user, allowing exfiltration or modification of any data the user can access. The exploit is relatively simple, needing only UI interaction, making it high risk for environments that allow external theme files.

Generated by OpenCVE AI on May 26, 2026 at 21:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Lumiverse to version 0.9.7 or later to apply the vendor fix. 
  • Restrict the Theme Editor’s component override capability to trusted administrators only, preventing untrusted users from adding overrides. 
  • Audit all existing theme files for suspicious code and remove or re‑author any that appear tampered with.

Generated by OpenCVE AI on May 26, 2026 at 21:50 UTC.
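
For the audit step above, a triage heuristic for component override source extracted from a theme pack. This is an added example, not part of the original page and not Lumiverse code. The denylist is an assumed subset of the identifiers the advisory names, and `auditOverride`, `foldLiterals` and `naiveFindings` are hypothetical helper names. It shows why a word-boundary check on raw source misses split identifiers, and how folding literal concatenations before matching surfaces them.

```javascript
// Added example, not Lumiverse code. DENYLIST is an assumed subset built from
// identifiers named in the advisory; the project's real list is not on the page.
const DENYLIST = ['fetch', 'window', 'eval', 'ownerDocument', 'defaultView'];

// Word-boundary match on raw source, the kind of check the advisory describes.
function naiveFindings(source) {
  return DENYLIST.filter((id) => new RegExp(`\\b${id}\\b`).test(source));
}

// Two adjacent escape-free string literals joined by "+".
const CONCAT = /(['"`])([^'"`\\\n]*)\1\s*\+\s*(['"`])([^'"`\\\n]*)\3/g;

// Fold literal concatenations until stable, so 'a' + 'b' + 'c' becomes 'abc'.
function foldLiterals(source) {
  let prev;
  do {
    prev = source;
    source = source.replace(CONCAT, (_m, _q1, a, _q2, b) => `'${a}${b}'`);
  } while (source !== prev);
  return source;
}

// Bracket member access whose key is not a plain integer index.
const COMPUTED = /(?<=[\w)\]])\[\s*(?!\d+\s*\])[^\]]+\]/g;

function auditOverride(source) {
  const naive = naiveFindings(source);
  const folded = foldLiterals(source);
  const hidden = naiveFindings(folded).filter((id) => !naive.includes(id));
  const computed = (folded.match(COMPUTED) || []).length;
  const usesRef = /\buseRef\b/.test(source);
  // Hidden identifiers are a strong signal; ref + computed access is a weaker one.
  return { naive, hidden, computed, usesRef,
           suspicious: hidden.length > 0 || (usesRef && computed > 0) };
}

// Constructed sample: the access pattern quoted in the advisory, no payload.
const SAMPLE = [
  'function Override() {',
  '  const ref = useRef(null);',
  "  const view = () => ref.current['ownerDoc'+'ument']['def'+'aultView'];",
  '  return <div ref={ref} />;',
  '}',
].join('\n');

console.log(auditOverride(SAMPLE));
```

Folding only catches concatenation of plain string literals, so a clean result is not proof that an override is safe. Use it to prioritise review of imported packs; updating to 0.9.7 remains the fix.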

Advisories

No advisories yet.

History

Tue, 26 May 2026 20:30:00 +0000

Type Values Removed Values Added
Description Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator (validateComponentOverrideSource) additionally blocks these identifiers by word-boundary regex. Both controls are bypassed. String-split bypass of the static validator: any blocked identifier can be reconstructed at runtime from string fragments ('ownerDoc' + 'ument'). DOM ref escape from the sandbox: useRef and useEffect are provided in scope. A ref attached to a rendered element gives a live DOM node. From any real DOM node, node['ownerDoc'+'ument']['def'+'aultView'] yields the real window, bypassing all identifier shadows. Theme packs (.lumitheme / .lumiverse-theme) are the shareable delivery mechanism. A malicious pack is an exploit path: the victim imports the file, enables one component override in the Theme Editor, and the payload fires in their authenticated session. This vulnerability is fixed in 0.9.7.
Title Lumiverse: TSX component sandbox escape via DOM ref and string-split identifier bypass
Weaknesses CWE-693
References
Metrics cvssV3_1 {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-26T19:58:37.036Z

Reserved: 2026-05-06T15:49:25.192Z

Link: CVE-2026-44451

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-26T21:16:38.303

Modified: 2026-05-26T21:16:38.303

Link: CVE-2026-44451

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T22:00:15Z

Weaknesses