CVE-2026-39307 - Vulnerability Details

- PraisonAI has an Arbitrary File Write (Zip Slip) in Templates Extraction

Description

PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses Python's zipfile.extractall() without verifying if the files within the archive resolve outside of the intended extraction directory. This vulnerability is fixed in 1.5.113.

Published: 2026-04-07

Score: 8.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

PraisonAI, a multi-agent teams system, contains a vulnerability in its template installation feature that allows files to be written outside the intended directory. The flaw arises from the use of Python's zipfile.extractall() on downloaded template archives without validating that the paths remain confined to the extraction directory. This issue can result in overwriting or creating files in unintended locations, which may compromise application integrity or confidentiality.

Affected Systems

The vulnerability affects installations of MervinPraison PraisonAI up to and including version 1.5.112. Version 1.5.113 and later contain a fix that validates extraction paths.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. EPSS data is not provided and the vulnerability is not listed in the KEV catalog. Based on the description, it is inferred that an attacker who can supply a crafted template archive to the installer would be able to manipulate file paths and write to arbitrary locations. No complex prerequisites are required; the exploit would rely on the template installation mechanism, which is typically exposed for external source downloads. The limited available metrics do not express exploit probability, but the high‑severity score and straightforward exploitation path suggest a significant risk for unpatched deployments.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

MervinPraison

PraisonAI

affected

Version	Status	Constraints
`< 4.5.113`	affected	—

Configuration 1 [-]

cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Mervinpraison

Praisonai

100%

Version	Status	Scheme	Platform
`[0,4.5.113)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade PraisonAI to version 1.5.113 or later; this update enforces path validation during template extraction.

Generated by OpenCVE AI on April 7, 2026 at 23:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-4ph2-f6pf-79wv	PraisonAI Has Arbitrary File Write (Zip Slip) in Templates Extraction

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0005.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4ph2-f6pf-79wv

History

Thu, 16 Apr 2026 01:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Praison Praison praisonai
CPEs		cpe:2.3:a:praison:praisonai::::::::
Vendors & Products		Praison Praison praisonai

Thu, 09 Apr 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 08 Apr 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mervinpraison Mervinpraison praisonai
Vendors & Products		Mervinpraison Mervinpraison praisonai

Tue, 07 Apr 2026 18:00:00 +0000

Type	Values Removed	Values Added
Description		PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses Python's zipfile.extractall() without verifying if the files within the archive resolve outside of the intended extraction directory. This vulnerability is fixed in 1.5.113.
Title		PraisonAI has an Arbitrary File Write (Zip Slip) in Templates Extraction
Weaknesses		CWE-22
References		https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4ph2-f6pf-79wv
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H'}`

Subscriptions

Mervinpraison Praisonai

Praison Praisonai

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-04-07T16:49:29.885Z

Updated: 2026-04-09T15:40:37.560Z

Reserved: 2026-04-06T19:31:07.265Z

Link: CVE-2026-39307

Vulnrichment

Updated: 2026-04-09T15:40:16.731Z

NVD

Status : Analyzed

Published: 2026-04-07T17:16:36.613

Modified: 2026-04-16T01:18:47.283

Link: CVE-2026-39307

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:47:40Z

Weaknesses

CWE-22

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object