Abusing an Unauthenticated Local Server to Overwrite LLM Wiki

Local HTTP servers in desktop apps are easy to overlook during a security review. They don't show up in bug bounty scopes, they're not publicly routable, and developers rarely treat them as a trust bo