Cyber Posture

CVE-2026-27897

Severity: Critical · Public PoC referenced

Published: 11 March 2026
Modified: 20 March 2026
KEV Added: not listed
Patch: fixed in 4.4.2
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0015 (34.6th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-27897 is a critical-severity Path Traversal (CWE-22) vulnerability in Wanderingastronomer Vociferous. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 34.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other AI Platforms.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Requires validation of the filename input in the export_file API to stop directory traversal sequences such as '../' from reaching filesystem logic.

prevent: Enforces authentication and authorization policies for the unauthenticated export_file API endpoint to block external attacker access.

prevent: Limits damage from successful arbitrary file writes by restricting the application's permissions to the least privilege necessary for its functions.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability enables unauthenticated remote exploitation of a public-facing API endpoint through path traversal, allowing arbitrary file writes, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI dialog to handle the file path, the API does not validate the filename string before it is processed by the backend's filesystem logic. Because the API is unauthenticated and the CORS configuration in app.py is overly permissive (allow_origins=["*"] or allowing localhost), an external attacker can bypass the UI entirely. By using directory traversal sequences (../), an attacker can force the app to write arbitrary data to any location accessible by the current user's permissions. This vulnerability is fixed in 4.4.2.

Deeper analysis

CVE-2026-27897 is a critical vulnerability (CVSS 10.0, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) in Vociferous, a cross-platform, offline speech-to-text application featuring local AI refinement. It affects versions prior to 4.4.2 and stems from improper input validation in the export_file route of src/api/system.py. The endpoint accepts a JSON payload with a filename and content but does not sanitize the filename before passing it to the backend filesystem logic, enabling path traversal (CWE-22). This is compounded by missing authentication for the critical function (CWE-306).

An external, unauthenticated attacker can exploit this by directly targeting the API endpoint, bypassing the intended native UI dialog for file handling. The overly permissive CORS policy in app.py (allow_origins=["*"] or allowing localhost) facilitates cross-origin requests from malicious web pages. By injecting directory traversal sequences like "../" into the filename field, the attacker can write arbitrary data to any filesystem location accessible by the application's running user permissions, potentially leading to full system compromise depending on the user's privileges.

The vulnerability is fixed in Vociferous 4.4.2. Security practitioners should upgrade to this version immediately. Additional details are available in the GitHub security advisory at https://github.com/WanderingAstronomer/Vociferous/security/advisories/GHSA-7cpr-frgj-h85v.
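As an added example that is not Vociferous's own code, the check below shows what the input-validation control above amounts to for an export route of the shape the advisory describes: the filename from the JSON payload is confined to a single directory before any filesystem call. It is written in Python to match src/api/system.py; the export directory, the is_safe_filename helper and the export_file signature are assumptions for this illustration.

```python
from pathlib import Path
import tempfile

# Hypothetical export root: the advisory does not name the directory the app writes to.
EXPORT_ROOT = Path(tempfile.gettempdir()) / "vociferous-exports"


def safe_export_path(filename: str, root: Path = EXPORT_ROOT) -> Path:
    """Resolve `filename` under `root`, raising ValueError if it could escape.

    Covers the CWE-22 pattern described for CVE-2026-27897: a JSON-supplied
    filename carrying '../' segments, path separators or an absolute path.
    """
    if not filename or filename != filename.strip():
        raise ValueError("empty or whitespace-padded filename")
    # Only a bare file name is accepted. Rejecting separators and NUL outright
    # also blocks absolute paths and Windows-style '..\\' sequences on any platform.
    if "/" in filename or "\\" in filename or "\x00" in filename:
        raise ValueError("path separators are not allowed in filename")
    if filename in (".", ".."):
        raise ValueError("dot entries are not file names")
    root_resolved = root.resolve()
    candidate = (root_resolved / filename).resolve()
    # Containment check after resolve(): a symlink planted inside the export
    # directory cannot redirect the write to another location either.
    if candidate.parent != root_resolved:
        raise ValueError("target escapes the export directory")
    return candidate


def is_safe_filename(filename: str, root: Path = EXPORT_ROOT) -> bool:
    """Boolean wrapper over safe_export_path, convenient for tests and logging."""
    try:
        safe_export_path(filename, root)
        return True
    except ValueError:
        return False


def export_file(payload: dict, root: Path = EXPORT_ROOT) -> Path:
    """Hardened core of a route taking {"filename": ..., "content": ...}.

    Validation runs before any filesystem call, and mode 'x' refuses to
    overwrite an existing file, so even a valid name cannot clobber data.
    """
    target = safe_export_path(str(payload.get("filename", "")), root)
    root.mkdir(parents=True, exist_ok=True)
    with open(target, "x", encoding="utf-8") as fh:
        fh.write(str(payload.get("content", "")))
    return target
```

Authentication on the endpoint and a tightened CORS allow list remain separate controls; this check only closes the traversal path.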

Details

CWE(s): CWE-22 (Path Traversal), CWE-306 (Missing Authentication for Critical Function)

Affected Products: wanderingastronomer vociferous ≤ 4.4.2

AI Security Analysis

AI Category: Other AI Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai

CVEs Like This One

CVE-2026-27584 (shared CWE-306)
CVE-2026-26319 (shared CWE-306)
CVE-2025-50857 (shared CWE-22)
CVE-2026-25116 (shared CWE-22, CWE-306)
CVE-2026-21445 (shared CWE-306)
CVE-2026-27595 (shared CWE-306)
CVE-2026-5616 (shared CWE-306)
CVE-2026-5320 (shared CWE-306)
CVE-2026-32231 (shared CWE-306)
CVE-2026-26340 (shared CWE-306)

References