PT-2026-41390 · Git+3 · Pipecat+1

Published

2026-05-15

·

Updated

2026-06-12

·

CVE-2026-44716

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Pipecat versions 0.0.90 through 1.1.x
Description A path traversal issue exists in the development runner within the src/pipecat/runner/run.py file. When the runner is started using the --folder flag, it enables a download endpoint 'GET /files/{filename:path}'. The filename path parameter is concatenated directly to the base folder without a containment check. While literal ../ sequences are normalized by Starlette, using %2F-encoded slashes bypasses this mechanism because the parameter is URL-decoded after routing. This allows an unauthenticated attacker with network access to read any file the process has permission to access, such as system files, credentials, and SSH private keys, by using sequences like ..%2F..%2Fetc%2Fpasswd.
Recommendations Update to version 1.2.0. As a temporary workaround, avoid using the --folder flag when starting the runner to disable the vulnerable download endpoint.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44716
GHSA-3363-2PH6-35WH

Affected Products

Pipecat
Pipecat-Ai