CVE-2026-29871
Received Received - Intake
Path Traversal in awesome-llm-apps FastAPI Allows Arbitrary File Read

Publication date: 2026-03-27

Last updated on: 2026-04-02

Assigner: MITRE

Description
A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcast_router.py, in function stream_audio. The stream-audio endpoint accepts a user-controlled path parameter that is concatenated into a filesystem path without proper validation or restriction. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary files from the server filesystem, potentially disclosing sensitive information such as configuration files and credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-29871
EUVD
EUVD-2026-16640
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
theunwindai awesome_llm_apps to 2026-01-19 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a path traversal issue in the Beifong AI News and Podcast Agent backend, specifically in the FastAPI stream-audio endpoint. The endpoint accepts a filename parameter from the user and concatenates it directly with a fixed directory path without validating or normalizing the input.

Because the input is not sanitized, an attacker can include traversal sequences like "../" to escape the intended directory and access arbitrary files on the server's filesystem.

This allows an unauthenticated remote attacker to read sensitive files such as configuration files, credentials, API keys, internal source code, or logs by requesting paths outside the designated audio directory.

Impact Analysis

The primary impact of this vulnerability is a severe breach of confidentiality. An attacker can remotely and without authentication read any file accessible by the application on the server.

This can lead to disclosure of sensitive information such as environment variables, API keys, database credentials, internal source code, and logs.

There is no impact on the integrity or availability of the system, but the exposure of sensitive data can lead to further attacks or compromise of the system.

Detection Guidance

This vulnerability can be detected by attempting to access files outside the intended directory via the vulnerable endpoint `/stream-audio/{filename}` using path traversal payloads.

A practical detection method is to send HTTP requests with crafted filenames containing traversal sequences like `../` to see if arbitrary files can be read.

For example, using curl with the `--path-as-is` option to prevent curl from normalizing the path, you can test if the server returns sensitive files such as `.env`.

  • curl --path-as-is http://<target-host>/stream-audio/../../.env

If the server responds with the contents of the `.env` file or other files outside the intended directory, the vulnerability is present.

Mitigation Strategies

Immediate mitigation involves implementing proper validation and containment checks on the user-supplied path parameter before accessing the filesystem.

Specifically, use Python's pathlib to resolve and verify that the requested file path is within the allowed base directory.

  • Define a base directory, e.g., BASE_DIR = Path("podcasts/audio").resolve()
  • Resolve the requested path and check if it is relative to BASE_DIR using requested_path.is_relative_to(BASE_DIR)
  • If the check fails, return an HTTP 403 Forbidden response to block access.

Serve files only after successful validation, for example using FastAPI's FileResponse.

These steps prevent path traversal by rejecting any request attempting to access files outside the designated directory.

Compliance Impact

This vulnerability allows unauthenticated remote attackers to read arbitrary files on the server, including sensitive files such as configuration files and credentials. Such unauthorized disclosure of sensitive information can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls over the confidentiality and security of personal and sensitive data.

Because the vulnerability compromises confidentiality by exposing potentially sensitive data without authorization, it undermines compliance with standards that mandate protecting sensitive information from unauthorized access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29871. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart