GHSA-52vm-mxx8-f227High· 7.7▾ TwilightPhantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths
▾ Twilight zone — High severity, or a signal on a lesser flaw
impact 42.4 · likelihood 0 · exploitation 0
Need a working PoC? Pro members can cast a request and our team develops one — it lands right here.
In Phantom <= 1.3.0, when PHANTOM_OUTPUT_DIR was unset (the default), the MCP tools accepted arbitrary absolute output paths with no confinement. Anything able to send tool calls (e.g. an AI agent driving the MCP interface) could write or overwrite arbitrary files the process user can write — including shell startup files (~/.zshrc) or a Reaper __startup.lua, which is effectively local code execution on a developer workstation.
Separately, the stem-separation and render paths decoded input audio with no size/duration cap (the analysis path was already guarded). A small, highly compressed FLAC/OGG could expand to multi-gigabyte PCM, causing memory-exhaustion DoS, and widened exposure to decoder bugs including libsndfile CVE-2026-37555.
Fixed in 1.3.1:
PHANTOM_OUTPUT_DIR (default ~/.phantom/output); symlinks resolved and re-verified on the final path.-max_alloc/-t/-fs).O_CREAT|O_EXCL output creation in reference matching and symlink-TOCTOU hardening on confined input reads.Set PHANTOM_OUTPUT_DIR (and optionally PHANTOM_AUDIO_DIR) to dedicated directories before starting the server.
Found during an internal security audit.
phantom-audio <= 1.3.0Upgrade to a patched release:
phantom-audio 1.3.1Connected by shared product, vendor, weakness, or advisory.
CVE-2026-24049High· 7.1wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427
CVE-2025-68428High· 7.5jsPDF is a library to generate PDFs in JavaScript
CVE-2026-49836Mediumpsd-tools vulnerable to arbitrary file write via smart-object filename
CVE-2026-12568Medium· 6.5BBOT: Arbitrary File Write in postman_download Module
CVE-2026-34070High· 7.5LangChain is a framework for building agents and LLM-powered applications
CVE-2026-33236High· 8.1NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing