CVE-2026-29871
Published: 27 March 2026
Summary
CVE-2026-29871 is a high-severity Path Traversal (CWE-22) vulnerability in Theunwindai Awesome Llm Apps. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates path traversal by requiring validation of the user-controlled path parameter in the stream_audio function to reject directory traversal sequences like '../'.
Enforces approved access authorizations on filesystem resources, preventing the stream-audio endpoint from reading arbitrary files outside intended directories.
Restricts inputs to the stream-audio endpoint to approved path formats and sources, limiting exposure to malicious filesystem traversal attempts.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in unauthenticated public-facing FastAPI endpoint directly enables remote arbitrary file read (T1005), including credentials/configs (T1552.001), via exploitation of a web app vuln (T1190).
NVD Description
A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcast_router.py, in function stream_audio. The stream-audio endpoint accepts a user-controlled path…
more
parameter that is concatenated into a filesystem path without proper validation or restriction. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary files from the server filesystem, potentially disclosing sensitive information such as configuration files and credentials.
Deeper analysisAI
CVE-2026-29871 is a path traversal vulnerability (CWE-22) affecting the awesome-llm-apps project at commit e46690f99c3f08be80a9877fab52acacf7ab8251, dated 2026-01-19. It resides in the Beifong AI News and Podcast Agent backend, built with FastAPI, specifically in the stream-audio endpoint defined in the file routers/podcast_router.py within the stream_audio function. The vulnerability arises because the endpoint accepts a user-controlled path parameter that is concatenated directly into a filesystem path without proper validation or restriction, enabling unauthorized file access.
An unauthenticated remote attacker can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L), no privileges (PR:N), no user interaction (UI:N), and unchanged scope (S:U). By supplying a crafted path parameter, such as one using directory traversal sequences, the attacker can read arbitrary files from the server filesystem. This may disclose sensitive information, including configuration files and credentials, with a CVSS v3.1 base score of 7.5 (C:H/I:N/A:N) indicating high confidentiality impact.
Mitigation details and additional information are available in the security research advisory at https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29871.md, published on 2026-03-27.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: llm, ai