HIGH
pipecat-ai
CVE published 2026-06-10
CVE-2026-44716
CVE-2026-44716 is a high-severity path traversal vulnerability in Pipecat, a Python framework for building real-time voice and multimodal conversational agents. The vulnerability exists in Pipecat's development runner (src/pipecat/runner/run.py) from version 0.0.90 to before version 1.2.0. When the runner is started with the --folder flag, it exposes a GET /files/{filename:path} download endpoint. The fil [truncated]