Lucene search
K

31 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-54695

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid...

7.5CVSS0.00343EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-54695

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid...

7.5CVSS6AI score0.00343EPSS
Exploits1References6Affected Software1
CVE
CVE
added 6 days ago16 views

CVE-2026-54695

CVE-2026-54695 - Pipecat Telephony WebSocket /ws Unauthenticated Call-Control Abuse Pipecat prior to v1.4.0 registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication. An attacker can send a crafted handshake containing a caller-supplied callSid, whic...

7.5CVSS6AI score0.00343EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-458 Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer

Remote Code Execution via Unsafe Deserialization in Pipecat's LivekitFrameSerializer Summary A critical vulnerability exists in Pipecat's LivekitFrameSerializer – an optional, non-default, undocumented frame serializer class now deprecated intended for LiveKit integration. The class's deserialize...

9.8CVSS7AI score0.00701EPSS
Exploits1References6
Snyk
Snyk
added 2026/06/18 3:5 p.m.6 views

Missing Authorization

Overview pipecat-ai is an An open source framework for voice and multimodal assistants Affected versions of this package are vulnerable to Missing Authorization via the telephony WebSocket /ws and plain WebSocket /ws-client endpoints, which accepts attacker-controlled handshake messages containin...

8.7CVSS5.8AI score0.00343EPSS
Exploits1References2
Circl
Circl
added 2026/06/17 2:39 p.m.9 views

CVE-2026-54695

creationtimestamp| type| source ---|---|--- 2026-06-17 14:39:37+00:00| published-proof-of-concept| https://github.com/pipecat-ai/pipecat/security/advisories/GHSA-j8cv-x86q-rj85 2026-07-09 20:26:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqahs45ntd2x...

7.5CVSS5.9AI score0.00343EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-44716

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

7.5CVSS5.4AI score0.00423EPSS
Exploits1References1
NVD
NVD
added 2026/06/10 12:16 a.m.17 views

CVE-2026-44716

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

7.5CVSS0.00423EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.26 views

Pipecat 路径遍历漏洞

Pipecat is an open-source development framework developed by Pipecat that supports real-time audio and video stream processing as well as AI-powered dialogue interactions. Versions of Pipecat from 0.0.90 to 1.2.0 contained a path traversal vulnerability. This vulnerability stemmed from path...

7.5CVSS8.3AI score0.00423EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/06/09 11:7 p.m.17 views

CVE-2026-44716 Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

7.5CVSS5.4AI score0.00423EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/09 11:7 p.m.15 views

EUVD-2026-35875

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

7.5CVSS5.4AI score0.00423EPSS
Exploits1References4
OSV
OSV
added 2026/06/09 11:7 p.m.3 views

CVE-2026-44716 Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

7.5CVSS7.1AI score0.00423EPSS
Exploits1References6
CVE
CVE
added 2026/06/09 11:7 p.m.26 views

CVE-2026-44716

Pipecat AI’s CVE-2026-44716 describes a path-traversal vulnerability in the Pipecat runner's GET /files/{filename:path} endpoint when started with --folder. The filename is joined to the base folder without containment checks, and percent-encoded slashes (e.g., ..%2F..%2F) bypass URL normalisatio...

7.5CVSS5.4AI score0.00423EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/06/09 11:7 p.m.39 views

CVE-2026-44716 Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

7.5CVSS0.00423EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2025-62373

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in LivekitFrameSerializer – an optional, non-default, undocumented frame serializer class now deprecated intended for LiveKit...

9.8CVSS6.8AI score0.00701EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/05/15 4:55 p.m.7 views

calibrate-agent (>=0.0.1 <=0.0.43), nvidia-pipecat (=0.4.0) +2 more potentially affected by CVE-2026-44716 via pipecat-ai (>=0.0.90 <=0.0.98)

pipecat-ai PYPI version =0.0.90, =0.0.1, =1.6.1.dev8325111910350515310, =1.7.1.dev260424103102100484 Source cves: CVE-2026-44716 Source advisory: SNYK:PYTHON-PIPECATAI-16700145...

7.5CVSS7.2AI score0.00423EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/15 4:55 p.m.7 views

calibrate-agent (>=0.0.1 <=0.0.43), nvidia-pipecat (=0.4.0) +2 more potentially affected by CVE-2026-44716 via pipecat-ai (>=0.0.90 <=0.0.98)

pipecat-ai PYPI version =0.0.90, =0.0.1, =1.6.1.dev8325111910350515310, =1.7.1.dev260424103102100484 Source cves: CVE-2026-44716 Source advisory: OSV:GHSA-3363-2PH6-35WH...

7.5CVSS7.2AI score0.00423EPSS
Exploits1
OSV
OSV
added 2026/05/15 4:55 p.m.13 views

GHSA-3363-2PH6-35WH Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Summary A path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder flag, it exposes a GET /files/filename:path download endpoint. The filename path parameter is concatenated directly onto args.folder with no...

7.5CVSS5.9AI score0.00423EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/15 4:55 p.m.14 views

Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Summary A path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder flag, it exposes a GET /files/filename:path download endpoint. The filename path parameter is concatenated directly onto args.folder with no...

7.5CVSS5.9AI score0.00423EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.21 views

PT-2026-41390

Name of the Vulnerable Software and Affected Versions Pipecat versions 0.0.90 through 1.1.x Description A path traversal issue exists in the development runner within the src/pipecat/runner/run.py file. When the runner is started using the --folder flag, it enables a download endpoint 'GET...

7.5CVSS5.5AI score0.00423EPSS
Exploits1References9
Rows per page
Query Builder