GHSA-c2jg-5cp7-6wc7: Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer
Summary
Pipecat's LivekitFrameSerializer contains a critical vulnerability where its deserialize() method uses pickle.loads() (a Python function that reconstructs objects from binary data) on untrusted WebSocket client data without validation. An attacker can send a malicious pickle payload to execute arbitrary code on the server, potentially compromising the entire system. This affects servers using the now-deprecated LivekitFrameSerializer, especially if exposed to external networks.
Solution / Mitigation
In Pipecat version 0.0.90, the vulnerable LivekitFrameSerializer class was officially deprecated in favor of a safer LiveKitTransport method.
Vulnerability Details
EPSS: 0.0%
Yes
April 23, 2026
Classification
Taxonomy References
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-c2jg-5cp7-6wc7
First tracked: April 23, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%