Threats Tagged 'cve-2026-27897'
View all threats tagged with 'cve-2026-27897'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-27897'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-27897: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in WanderingAstronomer VociferousCVE-2026-27897 0 Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI dialog to handle the file path, the API does not validate the filename string before it is processed by the backends filesystem logic. Because the API is unauthenticated and the CORS configuration in app.py is overly permissive (allow_origins=["*"] or allowing localhost), an external attacker can bypass the UI entirely. By using directory traversal sequences (../), an attacker can force the app to write arbitrary data to any location accessible by the current user's permissions. This vulnerability is fixed in 4.4.2. Join the discussion | CVE Database V5 | 03/11/2026, 15:30:19 UTC Added: 03/11/2026, 15:59:57 UTC |
Showing 1 to 1 of 1 result