HIGH
Usagi-org
CVE published 2026-05-28
CVE-2026-10044
CVE-2026-10044 documents an unauthenticated arbitrary file read vulnerability in Usagi-org ai-goofish-monitor affecting Windows deployments. The vulnerability resides in the GET /api/prompts/{filename} endpoint, where an incomplete path traversal guard allows attackers to bypass restrictions by supplying absolute Windows paths or backslash-based traversal sequences. The guard only blocks forward slashes a [truncated]