Skip to main content

ai-goofish-monitor CVE-2026-10044

| EUVDEUVD-2026-33061 HIGH
Absolute Path Traversal (CWE-36)
2026-05-28 VulnCheck GHSA-93rg-qjp9-mg35
8.2
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Updated
May 28, 2026 - 22:30 vuln.today
v3 (cvss_changed)
Analysis Updated
May 28, 2026 - 22:30 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 28, 2026 - 22:22 vuln.today
cvss_changed
CVSS changed
May 28, 2026 - 22:22 NVD
7.5 (HIGH) 8.2 (HIGH)
Source Code Evidence Fetched
May 28, 2026 - 21:52 vuln.today
Analysis Generated
May 28, 2026 - 21:52 vuln.today
CVE Published
May 28, 2026 - 21:02 nvd
HIGH 7.5

DescriptionCVE.org

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/{filename} endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal sequences. Attackers can bypass the incomplete path traversal guard, which only blocks forward slashes and '..', by providing absolute paths such as Windows system file locations, causing os.path.join to discard the intended prompts directory prefix and expose files accessible to the application process.

AnalysisAI

{filename} endpoint. The flawed traversal guard only rejects forward slashes and '..' sequences, so absolute Windows paths or backslash traversal bypass it entirely. Publicly available exploit code exists and a vendor patch has been released; this issue was reported by VulnCheck.

Technical ContextAI

ai-goofish-monitor is a Python/FastAPI-based monitoring application (cpe:2.3:a:usagi-org:ai-goofish-monitor) that exposes a prompts management API. The root cause is CWE-36 (Absolute Path Traversal): the handler validates filenames with a blocklist (if "/" in filename or ".." in filename) and then calls os.path.join("prompts", filename). Per Python's documented behavior, when a component passed to os.path.join is an absolute path, all previous components are discarded, so supplying an absolute Windows path like C:\Windows\win.ini causes the prompts directory prefix to be dropped. Backslashes are not in the blocklist, so directory separators on Windows also evade the check. The fix in PR #489 replaces the blocklist with a containment check using pathlib's Path.resolve() and relative_to(_PROMPTS_DIR).

RemediationAI

Upstream fix available (PR/commit); released patched version not independently confirmed - apply the patch from https://github.com/Usagi-org/ai-goofish-monitor/pull/489, which introduces a _safe_prompt_path helper that resolves the requested filename against a canonicalized prompts directory and rejects anything outside it via Path.resolve().relative_to(_PROMPTS_DIR). If immediate patching is not possible, block external access to the GET /api/prompts/{filename} endpoint at a reverse proxy or WAF (side effect: legitimate prompt retrieval will break), or run the service behind authentication; on Windows specifically, run the process under a low-privilege service account with file system ACLs that deny read on sensitive paths such as C:\Windows\, configuration files, and any application secrets to reduce the value of a successful read. Monitor for requests to /api/prompts/ containing drive letters, colons, or backslashes. Track the vendor advisory at https://www.vulncheck.com/advisories/ai-goofish-monitor-unauthenticated-arbitrary-file-read-via-get-api-prompts for the tagged release version.

Share

CVE-2026-10044 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy