Executive Summary

CVE-2026-44716 is a path traversal vulnerability in Pipecat's development runner, specifically in the /files/{filename:path} download endpoint when started with the --folder flag.

The vulnerability occurs because the filename path parameter is concatenated directly onto the base folder path without proper containment checks. While the Starlette framework normalizes literal '../' sequences in URLs, it does not normalize percent-encoded slashes (%2F). This allows attackers to bypass the normalization by encoding path separators, enabling them to traverse outside the intended directory.

An attacker with network access can send a single unauthenticated HTTP request with encoded path traversal sequences to read any file that the Pipecat process has permission to access, including sensitive files such as SSH private keys, credentials, and system files.

This issue affects Pipecat versions from 0.0.90 up to but not including 1.2.0 and has been patched in version 1.2.0.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an unauthenticated attacker with network access to read any file accessible by the Pipecat process on the affected system.

• Exposure of sensitive files such as SSH private keys.
• Disclosure of credentials and system files.
• Potential compromise of system security and confidentiality due to unauthorized file access.

Because the attack requires no authentication and can be performed remotely, it poses a high risk to affected systems.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows an unauthenticated attacker with network access to the Pipecat development runner to read any file that the Pipecat process has permission to access, including sensitive files such as SSH private keys, credentials, and system files.

This unauthorized access to sensitive information could lead to violations of data protection regulations and standards such as GDPR and HIPAA, which require strict controls over the confidentiality and security of personal and sensitive data.

Specifically, the exposure of credentials and private keys could result in unauthorized data access or breaches, undermining compliance with confidentiality and data protection requirements mandated by these regulations.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for unauthenticated HTTP GET requests to the /files/{filename:path} endpoint on the Pipecat development runner, especially those containing URL-encoded path traversal sequences such as %2F or ..%2F.

A simple detection method is to look for suspicious requests that attempt to access files outside the intended folder by using encoded slashes or directory traversal patterns.

• Use network monitoring tools or web server logs to search for requests matching the pattern: GET /files/ with encoded traversal sequences like ..%2F or %2F.
• Example command to search logs for suspicious requests (assuming logs are in access.log):
• grep -E 'GET /files/.*(%2F|\.\./)' access.log
• Use curl or similar tools to test the endpoint for path traversal by sending crafted requests, for example:
• curl -v 'http://<pipecat-runner-host>:<port>/files/..%2F..%2Fetc%2Fpasswd'

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade Pipecat to version 1.2.0 or later, where this path traversal vulnerability has been patched.

If upgrading immediately is not possible, restrict network access to the Pipecat development runner to trusted users only, as the vulnerability can be exploited by any unauthenticated network user.

Additionally, consider disabling the runner's --folder flag or the /files endpoint if it is not required.

The fix in version 1.2.0 involves validating and resolving requested file paths to ensure they remain within the allowed directory, rejecting any path traversal attempts with a 403 Forbidden response.

Useful 0 Not Useful 0