CVE-2026-44451
CriticalSummary
Lumiverse is an AI chat application that prior to version 0.9.7 had a component override system that could be bypassed. Users could supply TSX code that was processed and could access dangerous global objects like fetch and window.
Risk Assessment
The organization is at risk of attacks that could lead to unauthorized access to the DOM and potential data leakage when a malicious theme pack is imported by a victim.
Recommendation
It is recommended to update Lumiverse to version 0.9.7 or later and to implement additional security controls when importing theme packs.
Original NVD description (English source)
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator (validateComponentOverrideSource) additionally blocks these identifiers by word-boundary regex. Both controls are bypassed. String-split bypass of the static validator: any blocked identifier can be reconstructed at runtime from string fragments ('ownerDoc' + 'ument'). DOM ref escape from the sandbox: useRef and useEffect are provided in scope. A ref attached to a rendered element gives a live DOM node. From any real DOM node, node['ownerDoc'+'ument']['def'+'aultView'] yields the real window, bypassing all identifier shadows. Theme packs (.lumitheme / .lumiverse-theme) are the shareable delivery mechanism. A malicious pack is an exploit path: the victim imports the file, enables one component override in the Theme Edito

