Description
PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .. sequences, and then checks for '..' in the normalized result. Since .. has already been collapsed, the check always passes. This makes the check completely useless and allows trivial path traversal to any file on the system. This vulnerability is fixed in 1.5.113.
Published: 2026-04-07
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Path Traversal
Action: Immediate Patch
AI Analysis

Impact

PraisonAI's FileTools component contains a flaw in the _validate_path routine. The function first normalizes the path, which collapses any '..' sequences, and only then checks the already-processed string for '..'. Because normalization has already removed those sequences, the check always passes, so an adversary can construct paths that escape the intended directory and reach any file on the system. The flaw allows arbitrary files to be read or modified, potentially exposing sensitive data or allowing malicious code to be written. The weakness is a classic instance of path traversal as defined by CWE-22.
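To make the flaw concrete, here is an added example (a hypothetical reconstruction of the pattern the advisory describes, not PraisonAI's own source) that puts the flawed normalize-then-check validator beside a correct containment check. The base directory name and sample paths are constructed and need not exist on disk.

```python
import os

# Hypothetical reconstruction of the flawed pattern (not PraisonAI's code).
# The base directory is joined first, so normpath() collapses every ".."
# against it; the substring check that follows can never see one.
def validate_path_vulnerable(base_dir: str, user_path: str) -> bool:
    normalized = os.path.normpath(os.path.join(base_dir, user_path))
    return ".." not in normalized  # always True once ".." has been collapsed


# Corrected validator: resolve symlinks and ".." with realpath(), then require
# the resolved target to sit inside the resolved base directory. commonpath()
# rather than startswith() stops "/srv/ws_backup" passing for base "/srv/ws".
def validate_path_fixed(base_dir: str, user_path: str) -> bool:
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    try:
        return os.path.commonpath([base, target]) == base
    except ValueError:  # paths on different drives (Windows)
        return False


# Constructed inputs: a legitimate relative file, a ".." escape, an absolute
# path (os.path.join discards base_dir when the second argument is absolute),
# and a sibling directory that merely shares the base directory's prefix.
SAMPLE_BASE = "/srv/praison_workspace"  # constructed name, need not exist
SAMPLE_PATHS = [
    "notes/report.txt",
    "../../outside/secret.txt",
    "/outside/secret.txt",
    "../praison_workspace_backup/dump.txt",
]


def compare(base_dir: str = SAMPLE_BASE, paths=SAMPLE_PATHS) -> dict:
    """Return {path: (vulnerable_verdict, fixed_verdict)} for each sample."""
    return {
        p: (validate_path_vulnerable(base_dir, p), validate_path_fixed(base_dir, p))
        for p in paths
    }


if __name__ == "__main__":
    for path, (vuln, fixed) in compare().items():
        print(f"{path!r:42} vulnerable={vuln!s:5} fixed={fixed}")
```

Only the first sample is accepted by the corrected validator; the flawed one accepts all four, including the sibling-directory case that a prefix comparison would also miss.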

Affected Systems

The vendor MervinPraison publishes PraisonAI, and the vulnerability exists in every release before version 1.5.113. Any deployment running those earlier releases remains exposed.

Risk and Exploitability

The reported score for this issue is 9.2, indicating high severity with substantial impact on confidentiality, integrity, and availability. No publicly available exploit probability metric has been released. The flaw has not been documented in the relevant exploitation catalog. The attack likely involves local or remote access to a component that accepts crafted file paths; once triggered, an attacker can read configuration files or secrets, or write arbitrary files, potentially leading to system compromise.

Generated by OpenCVE AI on April 7, 2026 at 23:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PraisonAI to version 1.5.113 or later, where the bug has been corrected.
  • If an upgrade is not immediately possible, limit the permissions granted to the PraisonAI process so it cannot access or modify files outside its intended directory, and monitor the system for unexpected file activity.
  • Confirm that any custom configurations or plugins do not expose the vulnerable path-validation function to untrusted input sources.


Advisories
Source: Github GHSA | ID: GHSA-693f-pf34-72c5 | Title: PraisonAI Has Path Traversal in FileTools
History

Thu, 16 Apr 2026 01:45:00 +0000

First Time appeared (values added): Praison; Praison praisonai
CPEs (values added): cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*
Vendors & Products (values added): Praison; Praison praisonai
Metrics (values added): cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Thu, 09 Apr 2026 17:15:00 +0000

Metrics (values added): ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 20:15:00 +0000

First Time appeared (values added): Mervinpraison; Mervinpraison praisonai
Vendors & Products (values added): Mervinpraison; Mervinpraison praisonai

Tue, 07 Apr 2026 18:00:00 +0000

Description (values added): PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .. sequences, then checks for '..' in normalized. Since .. is already collapsed, the check always passes. This makes the check completely useless and allows trivial path traversal to any file on the system. This vulnerability is fixed in 1.5.113.
Title (values added): PraisonAI has a Path Traversal in FileTools
Weaknesses (values added): CWE-22
References (values added):
Metrics (values added): cvssV4_0 {'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-09T16:18:10.919Z

Reserved: 2026-04-03T21:25:12.163Z

Link: CVE-2026-35615

Vulnrichment

Updated: 2026-04-09T15:08:27.044Z

NVD

Status: Analyzed

Published: 2026-04-07T17:16:35.980

Modified: 2026-04-16T01:34:08.000

Link: CVE-2026-35615

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:47:45Z

Weaknesses