PraisonAIAgents is a multi‑agent system that offers a list_files tool to enumerate files within a workspace. Prior to version 1.5.128, the tool validated the directory argument against workspace boundaries via an internal check, but it passed the user‑supplied glob pattern directly to Python’s Path.glob() without validation. Because Path.glob() accepts parent path segments, an attacker can embed relative traversal components (..), allowing the enumeration of files outside the intended workspace. The exposed data – file names, sizes and timestamps – represents an information‑disclosure vulnerability (CWE‑22) rather than a code‑execution flaw. The vulnerability therefore enables an attacker to discover the existence and characteristics of arbitrary filesystem objects without modifying them.

The flaw affects all deployments of PraisonAIAgents distributed by MervinPraison with a version older than 1.5.128. The issue was fixed in release 1.5.128, so any installation newer than that version is not impacted. No other vendors or product variants are reported.

The CVSS score of 5.3 indicates medium severity. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the ability to invoke the list_files function; if the API endpoint is reachable from the network, an attacker can supply a crafted glob pattern and trigger the flaw remotely. The impact is limited to file metadata disclosure, which can aid further attacks but does not allow direct code execution. Overall risk is moderate, warranting prompt remediation.