CVE Catalog

CVE-2026-44716

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

18th percentile - higher than 18% of all known CVEs

Summary

In Pipecat, from version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in the development runner. This allows an attacker to access files that the pipecat process has permissions for through a single unauthenticated HTTP request.

Risk Assessment

The organization may be exposed to the leakage of sensitive data, such as SSH private keys or credentials, which could lead to serious security incidents.

Recommendation

It is recommended to upgrade Pipecat to version 1.2.0 or later to mitigate this vulnerability. Additionally, conducting an audit of file permissions in the system is advisable.

Original NVD description (English source)

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner (src/pipecat/runner/run.py). When the runner is started with the --folder flag, it exposes a GET /files/{filename:path} download endpoint. The filename path parameter is concatenated directly onto args.folder with no containment check. Starlette normalises literal ../ sequences in URLs, but %2F-encoded slashes bypass this normalisation: the path parameter is URL-decoded after routing, so ..%2F..%2Fetc%2Fpasswd resolves to a path two levels above args.folder. An attacker with network access to the runner can read any file the pipecat process has permission to access — including SSH private keys, credentials, and system files — with a single unauthenticated HTTP request. This issue has been patched in version 1.2.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS