top of page
perceptive_background_267k.jpg

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and…

Published:

26 maart 2026 om 23:00:00

Alert date:

27 maart 2026 om 22:06:06

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Emerging Technologies

A path traversal vulnerability exists in the awesome-llm-apps project allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. The vulnerability is located in the Beifong AI News and Podcast Agent backend's FastAPI stream-audio endpoint in the stream_audio function. The endpoint accepts user-controlled path parameters that are concatenated into filesystem paths without proper validation. Attackers can exploit this to access sensitive information including configuration files and credentials. The vulnerability affects commit e46690f99c3f08be80a9877fab52acacf7ab8251 from January 19, 2026.

Technical details

Mitigation steps:

Affected products:

awesome-llm-apps
Beifong AI News and Podcast Agent
FastAPI

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-29871
https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29871.md

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page