CVE-2024-6331: stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI
Summary
A vulnerability in the stitionai/devika AI project allows attackers to read sensitive files on a computer through prompt injection (tricking an AI by hiding malicious instructions in its input). The problem occurs because Google Gemini's safety filters, which normally prevent harmful outputs, were disabled, leaving the system open to commands like reading `/etc/passwd` (a file containing user account information).
Vulnerability Details
7.5 (high)
EPSS: 0.2%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-6331
First tracked: February 15, 2026 at 08:52 PM