PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44716 pipecat-ai CVE debrief

CVE-2026-44716 is a high-severity path traversal vulnerability in Pipecat, a Python framework for building real-time voice and multimodal conversational agents. The vulnerability exists in Pipecat's development runner (src/pipecat/runner/run.py) from version 0.0.90 to before version 1.2.0. When the runner is started with the --folder flag, it exposes a GET /files/{filename:path} download endpoint. The filename path parameter is concatenated directly onto args.folder with no containment check, allowing an attacker to read any file the pipecat process has permission to access, including SSH private keys, credentials, and system files, with a single unauthenticated HTTP request.

Vendor: pipecat-ai
Product: pipecat
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-10
Original CVE updated: 2026-06-12
Advisory published: 2026-06-10
Advisory updated: 2026-06-12

Who should care

Users of Pipecat versions 0.0.90 up to, but not including, 1.2.0; administrators of systems running Pipecat; and security teams monitoring for path traversal attacks.

Technical summary

The vulnerability is caused by missing input validation in the Pipecat development runner (src/pipecat/runner/run.py). The filename path parameter of the GET /files/{filename:path} endpoint, which is exposed when the runner is started with the --folder flag, is concatenated directly onto args.folder with no containment check, so a request can resolve to a file outside the intended directory.
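The missing containment check, shown as an added example that is not Pipecat's code or its 1.2.0 fix: a join with no check beside a resolver that refuses anything outside the served folder. The function names and the constructed files are assumptions, and the absolute-path and symlink cases go beyond the single case the advisory describes.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def naive_resolve(folder: str, filename: str) -> Path:
    """The pattern the advisory describes: join, no containment check."""
    return Path(os.path.join(folder, filename))


def safe_resolve(folder: str, filename: str) -> Optional[Path]:
    """Return the real path of a regular file inside folder, else None."""
    base = Path(folder).resolve()
    # resolve() collapses ".." and follows symlinks, so containment is
    # tested on the path the OS would actually open.
    candidate = (base / filename).resolve()
    try:
        # Raises ValueError when candidate is not under base; this also
        # covers an absolute filename, which replaces base in the join.
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate if candidate.is_file() else None


def demo() -> dict:
    """Map each constructed request to (naive serves it, safe serves it)."""
    with tempfile.TemporaryDirectory() as root:
        served = Path(root, "served")
        served.mkdir()
        (served / "ok.txt").write_text("public")
        outside = Path(root, "secret.txt")  # stands in for a sensitive file
        outside.write_text("private")
        os.symlink(outside, served / "link")  # symlink leaving the folder
        requests = {  # constructed filename values
            "inside": "ok.txt",
            "dotdot": "../secret.txt",
            "absolute": str(outside),
            "symlink": "link",
        }
        return {n: (naive_resolve(str(served), v).is_file(),
                    safe_resolve(str(served), v) is not None)
                for n, v in requests.items()}


if __name__ == "__main__":
    print(demo())
```

Only the "inside" request is served by both resolvers; the other three are served by the naive join and refused by the contained one.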

Defensive priority

High

Recommended defensive actions

  • Upgrade to Pipecat version 1.2.0 or later.
  • Limit access to the Pipecat development runner to only trusted users and networks.
  • Monitor for suspicious activity, such as unusual requests to the runner's /files/ download endpoint.

Evidence notes

CVE-2026-44716 has a CVSS score of 7.5 and is considered a high-severity vulnerability. The vulnerability was patched in Pipecat version 1.2.0.

Official resources

CVE-2026-44716 was published on 2026-06-10T00:16:53.110Z and modified on 2026-06-12T14:00:16.413Z.