Threat Advisory

Pipecat AI Vulnerability Exposes Call Control

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

CVE-2026-54695 is a high-severity vulnerability (CVSS score 7.5) in the pipecat-ai package, affecting versions 0.0.77 to 1.4.0. The development runner registers a `/ws` WebSocket endpoint for telephony testing that accepts connections without any authentication. An unauthenticated remote attacker can connect to this endpoint and send a crafted Twilio handshake message containing an attacker-supplied `callSid`, which causes the server to issue an authenticated Twilio REST API hang-up request against that call SID using the server operator's own credentials. If the attacker knows or obtains a valid call SID for the victim's Twilio account, they can forcibly terminate an active call on that account. The business impact includes disruption of telephony services and potential financial losses. Exploitation requires network access to the exposed runner endpoint and knowledge of a valid call SID for the victim's Twilio account.
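As an added illustration of the two controls the vulnerable runner lacks (this is example code written for this advisory, not pipecat's own code), the guard below sits in front of the hang-up path: the WebSocket client must present a configured shared secret, and the `callSid` must match a call the server itself is tracking before any REST request is made with the operator's credentials. The Twilio `start` event shape, the secret and the SID values are constructed assumptions.

```python
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class HangupGuard:
    """Decide whether an inbound WebSocket handshake may trigger a Twilio hang-up.

    Assumed hardening, not pipecat code: (1) the client must know the operator's
    shared secret; (2) the callSid must belong to a call this server is handling,
    so an arbitrary attacker-supplied SID never reaches the REST API.
    """
    ws_secret: str
    active_calls: Set[str] = field(default_factory=set)

    def register_call(self, call_sid: str) -> None:
        # Called when the server itself originates or answers a call.
        self.active_calls.add(call_sid)

    def client_authenticated(self, presented_token: Optional[str]) -> bool:
        # Constant-time comparison against the configured secret.
        if presented_token is None:
            return False
        return hmac.compare_digest(presented_token, self.ws_secret)

    @staticmethod
    def extract_call_sid(raw: str) -> Optional[str]:
        # Twilio Media Streams "start" event carries start.callSid (assumed shape).
        try:
            msg = json.loads(raw)
        except json.JSONDecodeError:
            return None
        if not isinstance(msg, dict) or msg.get("event") != "start":
            return None
        start = msg.get("start")
        sid = start.get("callSid") if isinstance(start, dict) else None
        return sid if isinstance(sid, str) else None

    def authorize_hangup(self, presented_token: Optional[str], raw_message: str) -> Tuple[bool, str]:
        # Returns (allowed, reason_or_sid); the caller only issues the REST hang-up when allowed.
        if not self.client_authenticated(presented_token):
            return False, "unauthenticated websocket client"
        sid = self.extract_call_sid(raw_message)
        if sid is None:
            return False, "no callSid in handshake"
        if sid not in self.active_calls:
            return False, "callSid is not a call this server is handling"
        return True, sid
```

Log the rejected reason alongside the client address; repeated rejections for unknown SIDs on `/ws` are a useful detection signal for probing of an exposed runner.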


RECOMMENDATION:

We recommend updating pipecat-ai to version 1.4.0.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-j8cv-x86q-rj85
