CVE-2026-54695 | pipecat-ai pipecat up to 1.3.x WebSocket Endpoint utils.py callSid authorization
A vulnerability was found in pipecat-ai pipecat up to 1.3.x. It has been declared as critical. This vulnerability affects unknown code of the file src/pipecat/runner/utils.py of the component WebSocket Endpoint. The manipulation of the argument callSid results in missing authorization.
This vulnerability is reported as CVE-2026-54695. The attack can be launched remotely. No exploit exists.