A critical insecure deserialization vulnerability in the Pipecat framework allows remote attackers to achieve arbitrary code execution on servers configured with the deprecated LivekitFrameSerializer.

The LivekitFrameSerializer class uses pickle.loads() on untrusted WebSocket data without validation. An unauthenticated attacker can send a crafted payload to execute code on the server.

With a CVSS score of 9.8, this vulnerability allows for complete server compromise. If the server is exposed to the internet, attackers can gain full control over the host, leading to data breaches and potential lateral movement into the internal network.

Immediate Action: Upgrade to Pipecat version 0.0.94 or higher and cease usage of the vulnerable LivekitFrameSerializer.

Proactive Monitoring: Inspect application logs for signs of deserialization errors or unexpected process spawns originating from WebSocket handlers.

Compensating Controls: Isolate the service using network segmentation and ensure it is not exposed to the public internet unless absolutely necessary.

Public Exploit Available: No

The use of insecure deserialization is a high-risk practice that must be eliminated. Developers using Pipecat should immediately migrate to the latest version and transition to the recommended LiveKitTransport to ensure long-term security.