Cyber Posture

CVE-2026-27897

CriticalPublic PoC

Published: 11 March 2026

Published
11 March 2026
Modified
20 March 2026
KEV Added
Patch
CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0013 31.5th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI…

more

dialog to handle the file path, the API does not validate the filename string before it is processed by the backends filesystem logic. Because the API is unauthenticated and the CORS configuration in app.py is overly permissive (allow_origins=["*"] or allowing localhost), an external attacker can bypass the UI entirely. By using directory traversal sequences (../), an attacker can force the app to write arbitrary data to any location accessible by the current user's permissions. This vulnerability is fixed in 4.4.2.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation of the filename input in the export_file API to prevent directory traversal sequences like '../' from reaching filesystem logic.

AC-3 Access Enforcement good match
prevent

Enforces authentication and authorization policies for the unauthenticated export_file API endpoint to block external attacker access.

AC-6 Least Privilege partial match
prevent

Limits damage from successful arbitrary file writes by restricting the application's permissions to least privilege necessary for its functions.

Security SummaryAI

CVE-2026-27897 is a critical vulnerability (CVSS 10.0, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) in Vociferous, a cross-platform, offline speech-to-text application featuring local AI refinement. It affects versions prior to 4.4.2 and stems from improper input validation in the export_file route of src/api/system.py. The endpoint accepts a JSON payload with a filename and content but does not sanitize the filename before passing it to the backend filesystem logic, enabling path traversal (CWE-22). This is compounded by missing authentication for the critical function (CWE-306).

An external, unauthenticated attacker can exploit this by directly targeting the API endpoint, bypassing the intended native UI dialog for file handling. The overly permissive CORS policy in app.py (allow_origins=["*"] or allowing localhost) facilitates cross-origin requests from malicious web pages. By injecting directory traversal sequences like "../" into the filename field, the attacker can write arbitrary data to any filesystem location accessible by the application's running user permissions, potentially leading to full system compromise depending on the user's privileges.

The vulnerability is fixed in Vociferous 4.4.2. Security practitioners should upgrade to this version immediately. Additional details are available in the GitHub security advisory at https://github.com/WanderingAstronomer/Vociferous/security/advisories/GHSA-7cpr-frgj-h85v.

Details

CWE(s)
CWE-22CWE-306

Affected Products

wanderingastronomer
vociferous
≤ 4.4.2

AI Security AnalysisAI

AI Category
Other AI Platforms
Risk Domain
N/A
OWASP Top 10 for LLMs 2025
None mapped
MITRE ATLAS Techniques
None mapped
Classification Reason
Matched keywords: ai

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The vulnerability enables unauthenticated remote exploitation of a public-facing API endpoint through path traversal, allowing arbitrary file writes, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References