PT-2026-41390 · Git+3 · Pipecat+1
Published
2026-05-15
·
Updated
2026-06-12
·
CVE-2026-44716
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Pipecat versions 0.0.90 through 1.1.x
Description
A path traversal issue exists in the development runner within the
src/pipecat/runner/run.py file. When the runner is started using the --folder flag, it enables a download endpoint 'GET /files/{filename:path}'. The filename path parameter is concatenated directly to the base folder without a containment check. While literal ../ sequences are normalized by Starlette, using %2F-encoded slashes bypasses this mechanism because the parameter is URL-decoded after routing. This allows an unauthenticated attacker with network access to read any file the process has permission to access, such as system files, credentials, and SSH private keys, by using sequences like ..%2F..%2Fetc%2Fpasswd.Recommendations
Update to version 1.2.0.
As a temporary workaround, avoid using the
--folder flag when starting the runner to disable the vulnerable download endpoint.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pipecat
Pipecat-Ai