CVE-2024-43035

MEDIUM

Fonoster 0.5.5-0.6.1 - Path Traversal via VoiceServer Endpoint

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-43035. PoCs published by ZeroPathAI.

AI-analyzed exploit summary The repository contains a functional Python script that exploits a Local File Inclusion (LFI) vulnerability in Fonoster by sending a crafted HTTP request to retrieve arbitrary files from the server. The PoC demonstrates the vulnerability by encoding the file path and appending it to the '/sounds/' endpoint.

Description

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1.

Exploits (1)

nomisec WORKING POC
by ZeroPathAI · poc
https://github.com/ZeroPathAI/Fonoster-LFI-PoC

The repository contains a functional Python script that exploits a Local File Inclusion (LFI) vulnerability in Fonoster by sending a crafted HTTP request to retrieve arbitrary files from the server. The PoC demonstrates the vulnerability by encoding the file path and appending it to the '/sounds/' endpoint.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Fonoster (version not specified)
No auth needed
Prerequisites: network access to the Fonoster server · knowledge of the target file path
devstral-2 · analyzed Apr 28, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 5.8
EPSS 0.0236
EPSS Percentile 81.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-24
Status published
Products (2)
Fonoster/Fonoster 0.5.5 - 0.6.1
fonoster/voice 0.5.5 - 0.6.1npm
Published Mar 05, 2026
Tracked Since Mar 06, 2026