The vulnerability arises from the improper handling of user-supplied input in the backend parameter of the configuration file. When LocalAI initializes a model, it uses this parameter in the name of the process without adequate sanitization. This flaw enables attackers to specify a path to a vulnerable binary file, leading to arbitrary code execution on the system where LocalAI is running.

An attacker crafts a malicious configuration file with a specially crafted backend parameter pointing to a binary file containing malicious code. When LocalAI processes this configuration to initialize a model, the attacker's code is executed, potentially compromising the system.

Any system running LocalAI versions 2.14.0 through 2.15.9 that processes user-supplied configuration files for model initialization is vulnerable to this attack. This includes environments where users can submit custom models or configurations.