PatchSiren cyber security CVE debrief
CVE-2026-10044 Usagi-org CVE debrief
CVE-2026-10044 is an unauthenticated arbitrary file read in Usagi-org ai-goofish-monitor that affects Windows deployments. The flaw sits in the GET /api/prompts/(unknown) endpoint, whose path traversal guard rejects only forward slashes and '..' sequences. Because os.path.join discards every preceding component once it meets an absolute path, a request that supplies an absolute Windows path or a backslash-based traversal sequence replaces the intended prompts directory outright, and the application reads the file the attacker named, limited only by the permissions of the application process. The CVSS 4.0 vector records network attack vector, low attack complexity, no privileges required and high confidentiality impact. The weakness is classified as CWE-36 (Absolute Path Traversal). The vulnerability was disclosed via Vulncheck and published to NVD on 2026-05-28. No exploitation in ransomware campaigns has been documented, and the CVE is not listed in CISA KEV.
- Vendor: Usagi-org
- Product: ai-goofish-monitor
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-28
- Original CVE updated: 2026-05-30
- Advisory published: 2026-05-28
- Advisory updated: 2026-05-30
Who should care
Organizations running ai-goofish-monitor on Windows in production environments; security teams monitoring for path traversal vulnerabilities; developers maintaining Python applications using os.path.join for path construction
Technical summary
On Windows, ai-goofish-monitor does not adequately validate the filename parameter of the GET /api/prompts/(unknown) endpoint. The guard rejects only forward slash characters and '..' sequences, which leaves absolute Windows paths and backslash-based traversal untouched. The cited example target is C:/Windows/system.ini; that exact spelling contains the forward slashes the guard rejects, but the equivalent C:\Windows\system.ini contains neither a forward slash nor '..' and passes. Windows path handling also treats a leading backslash as rooted on the current drive, so a drive-less \Windows\win.ini escapes the same way. When os.path.join receives an absolute path as a later argument it discards everything before it, including the intended prompts directory, and the application opens the attacker-supplied location instead. An unauthenticated remote attacker can therefore read any file the application process is permitted to read.
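The guard and the os.path.join behaviour described above, as an added example that is not the project's code and not the fix in pull request 489. The prompts directory C:\app\prompts is an assumed location. Windows path semantics are forced through ntpath so the result is the same on any platform; hardened_resolve is one way to close the hole, not the vendor's.

```python
"""Added example, not the project's code: the incomplete guard the advisory
describes next to a hardened resolver. Windows path semantics are forced via
ntpath so the behaviour is reproducible on any platform."""
import ntpath
from typing import Optional

# Assumed install location; the advisory does not give one.
PROMPTS_DIR = r"C:\app\prompts"


def vulnerable_resolve(filename: str) -> Optional[str]:
    """Guard as the advisory describes it: only '/' and '..' are rejected.
    Returns the path the application would open, or None if rejected."""
    if "/" in filename or ".." in filename:
        return None
    # ntpath.join drops PROMPTS_DIR entirely when filename is absolute, rooted
    # (leading backslash) or a UNC path; nothing checks the result afterwards.
    return ntpath.join(PROMPTS_DIR, filename)


def hardened_resolve(filename: str) -> Optional[str]:
    """Allow only a bare file name, then verify the normalised result is still
    under PROMPTS_DIR. The containment check is kept even though the syntactic
    checks already reject separators, so a later relaxation cannot reopen the hole."""
    if not filename or "\x00" in filename:
        return None
    # A prompt name is a single path component: no separators, no drive letter.
    if any(ch in filename for ch in "/\\:"):
        return None
    if ntpath.isabs(filename) or ntpath.splitdrive(filename)[0]:
        return None
    base = ntpath.normpath(PROMPTS_DIR)
    candidate = ntpath.normpath(ntpath.join(base, filename))
    # '.' and '..' survive the checks above; normpath collapses them and the
    # containment test rejects anything that is not strictly below base.
    if candidate == base or ntpath.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    probes = [
        "default.txt",                # legitimate name
        "../default.txt",             # caught by the '..' check
        "C:/Windows/system.ini",      # forward slashes: caught by the '/' check
        r"C:\Windows\system.ini",     # drive-absolute with backslashes: passes the guard
        r"\Windows\win.ini",          # rooted, no drive: ntpath keeps C: and drops the base
        r"\\fileserver\share\x.txt",  # UNC path: also replaces the base
    ]
    for probe in probes:
        print(f"{probe!r:32} vulnerable={vulnerable_resolve(probe)!r:36} "
              f"hardened={hardened_resolve(probe)!r}")
```

Running the block prints the path each resolver would open for each probe; the three backslash forms pass the original guard and land outside the prompts directory, while the hardened resolver accepts only the bare file name.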
Defensive priority
HIGH
Recommended defensive actions
- Review and restrict access to the GET /api/prompts/(unknown) endpoint until patched
- Apply input validation that rejects absolute paths (drive letters, leading backslashes and UNC prefixes) and backslash separators, not only forward slashes and '..', and verify that the resolved path still lies inside the prompts directory
- Deploy patches from pull request 489 when available
- Implement principle of least privilege for the application process to limit file exposure
- Monitor for anomalous requests to /api/prompts/ containing Windows absolute paths or backslash patterns, including percent-encoded forms such as %5C and double-encoded %255C
- Consider Web Application Firewall rules to block path traversal attempts using backslash sequences
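A detection pass of the kind the monitoring action above calls for, added here as an example and not taken from the project or the advisory. The log lines are constructed, the endpoint prefix /api/prompts/ is the one the advisory names, and the rule set (drive-absolute, rooted, backslash, '..') is this example's own choice.

```python
"""Added example, not the project's code: scans constructed web-server log
lines for requests to /api/prompts/ whose file name carries a Windows
absolute path, a rooted or UNC path, raw or percent-encoded backslashes,
or a '..' component."""
import re
from urllib.parse import unquote

# Constructed sample traffic in Combined Log Format; none of these lines is real.
SAMPLE_LOG = """\
10.0.0.5 - - [28/May/2026:10:01:02 +0000] "GET /api/prompts/default.txt HTTP/1.1" 200 512 "-" "curl/8.5"
10.0.0.7 - - [28/May/2026:10:01:09 +0000] "GET /api/prompts/C:%5CWindows%5Csystem.ini HTTP/1.1" 200 219 "-" "curl/8.5"
10.0.0.7 - - [28/May/2026:10:01:15 +0000] "GET /api/prompts/%5CWindows%5Cwin.ini HTTP/1.1" 200 92 "-" "curl/8.5"
10.0.0.9 - - [28/May/2026:10:02:00 +0000] "GET /api/prompts/..%5C..%5Cconfig.json HTTP/1.1" 400 0 "-" "python-requests/2.31"
10.0.0.9 - - [28/May/2026:10:02:30 +0000] "GET /api/prompts/%255CWindows%255Cwin.ini HTTP/1.1" 200 92 "-" "python-requests/2.31"
10.0.0.3 - - [28/May/2026:10:03:00 +0000] "GET /api/health HTTP/1.1" 200 2 "-" "kube-probe/1.29"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
ENDPOINT_PREFIX = "/api/prompts/"

# Each rule is applied to the fully percent-decoded file name.
RULES = [
    ("drive-absolute", re.compile(r"^[A-Za-z]:[\\/]")),   # C:\... or C:/...
    ("rooted", re.compile(r"^\\")),                       # \Windows\... and \\server\share\...
    ("backslash", re.compile(r"\\")),                     # any backslash at all
    ("dotdot", re.compile(r"(^|[\\/])\.\.([\\/]|$)")),    # a '..' path component
]


def decode_fully(value: str, max_rounds: int = 3) -> tuple:
    """Percent-decode repeatedly so double encoding (%255C -> %5C -> \\) is caught.
    Returns the decoded string and how many rounds changed it."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
        rounds += 1
    return value, rounds


def classify_name(name: str) -> list:
    """Return the labels of all RULES that match the decoded file name."""
    return [label for label, pattern in RULES if pattern.search(name)]


def scan_log(text: str) -> list:
    """Return one finding per request to the prompts endpoint that trips a rule."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("target").split("?", 1)[0]
        if not path.startswith(ENDPOINT_PREFIX):
            continue
        name, rounds = decode_fully(path[len(ENDPOINT_PREFIX):])
        tags = classify_name(name)
        if tags:
            findings.append({
                "ip": m.group("ip"),
                "name": name,
                "tags": tags,
                "decode_rounds": rounds,
                "served": m.group("status") == "200",  # 200 means content was likely returned
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The served flag separates probes the guard stopped (status 400) from requests that returned content, which is where the incident response effort should start; decode_rounds above 1 is itself a signal, since no legitimate client double-encodes a file name.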
Evidence notes
Vulnerability disclosed by Vulncheck; NVD record shows vulnStatus 'Received' with CVSS 4.0 scoring. References include GitHub issue #488, pull request #489, and Vulncheck advisory. Weakness identified as CWE-36.
Official resources
2026-05-28