{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-29871", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-27T20:26:22.909Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-27T14:41:22.519Z"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcast_router.py, in function stream_audio. The stream-audio endpoint accepts a user-controlled path parameter that is concatenated into a filesystem path without proper validation or restriction. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary files from the server filesystem, potentially disclosing sensitive information such as configuration files and credentials."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29871.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T20:25:22.391486Z", "id": "CVE-2026-29871", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:26:22.909Z"}}]}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcast_router.py, in function stream_audio. The stream-audio endpoint accepts a user-controlled path parameter that is concatenated into a filesystem path without proper validation or restriction. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary files from the server filesystem, potentially disclosing sensitive information such as configuration files and credentials."}], "id": "CVE-2026-29871", "lastModified": "2026-03-27T15:16:52.067", "metrics": {}, "published": "2026-03-27T15:16:52.067", "references": [{"source": "cve@mitre.org", "url": "https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29871.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T16:50:55.438621+00:00", "value": {"mitigation_remediation": ["Deploy the fixed version of awesome-llm-apps that resolves the path traversal issue.", "If no patch is immediately available, add input validation to the stream-audio endpoint to restrict file access to a predetermined safe directory or only allow specific file types.", "Require authentication before accepting path parameters on the stream-audio endpoint.", "Monitor application logs for attempted path traversal or unauthorized file read attempts."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in the awesome-llm-apps project, specifically in the Beifong AI News and Podcast Agent backend built with FastAPI. It resides in routers/podcast_router.py at the stream-audio route and is tied to commit e46690f99c3f08be80a9877fab52acacf7ab8251. Any deployment exposing this endpoint without authentication or proper input sanitization is susceptible. No specific vendor version information is provided.", "description_and_impact": "A path traversal weakness in the Beifong AI News and Podcast Agent backend permits an unauthenticated attacker to read any file on the server. The stream-audio endpoint concatenates a user-supplied path into a filesystem location without validation, enabling direct disclosure of configuration files, credentials, and other sensitive data. This flaw exposes the confidentiality of the system.", "risk_and_exploitability": "No CVSS or EPSS scores are available, but the flaw can be exploited remotely via a crafted path parameter to the stream-audio endpoint. The attacker requires no credentials and merely sends a request to the exposed URL. While the exact frequency of exploitation is unknown, the simplicity of the input manipulation makes the vulnerability a significant risk to confidentiality. As the vulnerability is not listed in KEV, it may not yet be widely exploited, but the potential impact warrants immediate attention."}}}}, "created": "2026-03-27T20:29:01.948523+00:00", "title": "Path Traversal in Beifong AI News and Podcast Agent Backend Enables Arbitrary File Read", "updated": "2026-03-27T20:29:01.948558+00:00", "vendors": [], "weaknesses": ["CWE-22", "CWE-200"]}