CVE-2026-10044
Status: Received - Intake
Unauthenticated Arbitrary File Read in Usagi-org ai-goofish-monitor

Publication date: 2026-05-28

Last updated on: 2026-05-29

Assigner: VulnCheck

Description
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/(unknown) endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal sequences. Attackers can bypass the incomplete path traversal guard, which only blocks forward slashes and '..', by providing absolute paths such as Windows system file locations, causing os.path.join to discard the intended prompts directory prefix and expose files accessible to the application process.
Meta Information
  • Published: 2026-05-28
  • Last Modified: 2026-05-29
  • Generated: 2026-05-29
  • AI Q&A: 2026-05-29
  • EPSS Evaluated: N/A
Affected Vendors & Products
  • Vendor: usagi-org
  • Product: ai-goofish-monitor
  • Version / Range: *
CWE
  • CWE-36: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Usagi-org ai-goofish-monitor software on Windows systems. It allows unauthenticated remote attackers to read arbitrary files on the system by exploiting the GET /api/prompts/(unknown) endpoint. The vulnerability arises because the application attempts to block path traversal attacks by filtering out forward slashes and '..' sequences, but attackers can bypass this by supplying absolute Windows file paths or backslash-based traversal sequences. This causes the path joining function to ignore the intended directory restriction and expose files accessible to the application process.


How can this vulnerability impact me?

This vulnerability can allow attackers to read sensitive files on the affected system without any authentication. This could lead to exposure of confidential information, system files, or configuration data that could be used for further attacks or to compromise the system's security.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows unauthenticated remote attackers to read arbitrary files on Windows deployments of the ai-goofish-monitor application by bypassing path traversal protections. This unauthorized file access could potentially expose sensitive or personal data stored on the affected system.

Such unauthorized disclosure of sensitive information may lead to non-compliance with data protection regulations and standards like GDPR or HIPAA, which require strict controls over access to personal and protected health information.

Therefore, if the exposed files contain regulated personal or health data, this vulnerability could result in violations of these compliance requirements due to the lack of authentication and improper access controls.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to access the vulnerable endpoint with specially crafted requests that exploit the path traversal flaw. Specifically, you can send HTTP GET requests to the /api/prompts/(unknown) endpoint using absolute Windows paths or backslash-based traversal sequences to see if arbitrary files are returned.

For example, on a Windows deployment, you can test by requesting sensitive system files such as the hosts file using a command like:

  • curl -v http://<target-ip-or-host>/api/prompts/C:\Windows\System32\drivers\etc\hosts

If the response returns the contents of the file with HTTP 200 status without authentication, it indicates the vulnerability is present.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the ai-goofish-monitor application to a version that includes the fix for this vulnerability.

The fix replaces the incomplete denylist path traversal guard with a robust path validation method using Path.resolve() to ensure that resolved file paths remain within the intended prompts directory, preventing absolute path traversal.

Specifically, apply the patch introduced in commit f85d140, which adds a helper function to safely resolve and validate file paths and updates the relevant API endpoint handlers to use this function.

Until the update can be applied, consider restricting access to the /api/prompts/(unknown) endpoint via network controls or firewall rules to trusted users only, as the vulnerability allows unauthenticated remote file reads.
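The description above says the guard only rejects forward slashes and '..', and that os.path.join then discards the prompts directory when handed an absolute Windows path; the mitigation answer says the fix validates the resolved path against the intended directory instead. The following is an added example written for this page, not code from the ai-goofish-monitor project or its commit f85d140. It models both the incomplete denylist and a containment check side by side. It uses ntpath and PureWindowsPath so that Windows path semantics are reproduced on any OS without touching the filesystem; the base directory C:\app\prompts and the file names are constructed, and the function names are hypothetical.

```python
"""Added example (not the project's code): an absolute Windows path defeats a
'/' + '..' denylist because os.path.join discards the base directory, while a
containment check on the normalised path keeps reads inside the prompts folder.

ntpath is the Windows flavour of os.path and PureWindowsPath gives Windows
comparison rules, so this runs offline on Linux as well as Windows."""
import ntpath
from pathlib import PureWindowsPath

# Constructed base directory; the real project's layout is not shown on the page.
PROMPTS_DIR = r"C:\app\prompts"


def denylist_guard_ok(filename: str) -> bool:
    """Models the incomplete guard described in the advisory: only forward
    slashes and '..' are rejected, so drive letters and backslashes pass."""
    return "/" not in filename and ".." not in filename


def vulnerable_prompt_path(filename: str) -> str:
    """Vulnerable pattern: denylist check, then os.path.join (ntpath.join here).
    If `filename` is absolute (C:\\...) or root-relative (\\Windows\\...),
    join drops PROMPTS_DIR and returns a path outside it."""
    if not denylist_guard_ok(filename):
        raise ValueError("rejected by denylist")
    return ntpath.join(PROMPTS_DIR, filename)


def safe_prompt_path(filename: str) -> str:
    """Hardened pattern: normalise the joined path, then require that the
    prompts directory is one of its parents (allow a location, do not deny
    characters). The project's fix uses Path.resolve(), which on a real
    Windows host additionally follows symlinks; normpath is used here so the
    check needs no filesystem. PureWindowsPath compares case-insensitively."""
    base = PureWindowsPath(PROMPTS_DIR)
    candidate = PureWindowsPath(ntpath.normpath(ntpath.join(PROMPTS_DIR, filename)))
    if base not in candidate.parents:
        raise ValueError(f"path escapes prompts directory: {candidate}")
    return str(candidate)


def is_allowed(filename: str) -> bool:
    """Convenience wrapper: True if the hardened check accepts `filename`."""
    try:
        safe_prompt_path(filename)
        return True
    except ValueError:
        return False


def escapes_base(path: str) -> bool:
    """True if an already-joined `path` lies outside PROMPTS_DIR."""
    return PureWindowsPath(PROMPTS_DIR) not in PureWindowsPath(path).parents


if __name__ == "__main__":
    # Constructed inputs: one legitimate prompt name, the absolute path the
    # advisory uses as its example, a root-relative path with no '..' or '/',
    # and a classic '..' sequence that the denylist does catch.
    inputs = [
        "default.txt",
        r"C:\Windows\System32\drivers\etc\hosts",
        r"\Windows\win.ini",
        r"..\..\Windows\win.ini",
    ]
    for name in inputs:
        try:
            p = vulnerable_prompt_path(name)
            print(f"vulnerable: {name!r:45} -> {p}  escapes={escapes_base(p)}")
        except ValueError as e:
            print(f"vulnerable: {name!r:45} -> rejected ({e})")
        try:
            print(f"hardened:   {name!r:45} -> {safe_prompt_path(name)}")
        except ValueError as e:
            print(f"hardened:   {name!r:45} -> rejected ({e})")
```

Running the block shows the denylist letting both the absolute path and the root-relative `\Windows\win.ini` through to a path that no longer starts with the prompts directory, while the containment check rejects them and still accepts `default.txt`. The point for reviewers of similar code is that a guard on characters can never enumerate every way a platform expresses "start from somewhere else"; checking where the final path lands is the property you actually want.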

