CVE-2026-2544 | yued-fe LuLu UI up to 3.0.0 run.js child_process.exec os command injection

A vulnerability, which was classified as critical, was found in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection.

This vulnerability is reported as CVE-2026-2544. The attack can be launched remotely. No exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More