Description
PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of service, or code execution.
Published: 2026-06-18
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PraisonAI versions prior to 1.5.115 allow an attacker to supply an agent identifier containing traversal sequences such as "../", so that the file path MultiAgentMonitor builds from it can reference arbitrary files on the host. This is the classic CWE-22 pattern (Improper Limitation of a Pathname to a Restricted Directory): the attacker can read sensitive files, create new ones, or overwrite existing ones. Arbitrary read gives disclosure of confidential data (credentials, API keys, agent state); arbitrary write gives denial of service by corrupting files the service depends on, and can give code execution if the attacker overwrites or plants a file that the application or host later loads or executes (a module, a configuration file, a startup script).

Affected Systems

The vulnerability affects PraisonAI deployments running any version earlier than 1.5.115. The affected component is MultiAgentMonitor, which constructs file paths from unsanitized agent IDs. Users of PraisonAI in any environment, whether development, staging, or production, are potentially impacted if they run a vulnerable version and the interface that accepts agent IDs is reachable by untrusted parties.

Risk and Exploitability

The CVSS v4.0 base score of 8.7 (8.8 under CVSS v3.1) classifies this flaw as high severity: the vector is network-reachable with low attack complexity and no user interaction, but requires low privileges (PR:L), so an attacker needs some authenticated access to the interface that accepts agent IDs. The EPSS score is not available, so the current exploitation probability is unknown, and the flaw is not listed in CISA's KEV catalog. Because the vulnerable code path is reached through that interface, remote exploitation is plausible wherever it is exposed on the network. The description identifies 1.5.115 as the first unaffected version, although no fix reference or advisory is linked on this page, so upgrading to 1.5.115 or later should be treated as urgent.

Generated by OpenCVE AI on June 19, 2026 at 00:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to PraisonAI 1.5.115 or later, the first version the description reports as unaffected; since no fix reference is linked on this page, confirm the change in the project's release notes or repository history before relying on it.
  • If an update cannot be deployed immediately, restrict external access to the MultiAgentMonitor service by using firewall rules or network segmentation so that only trusted internal hosts can reach it.
  • Implement server‑side validation to reject agent identifiers containing relative path components (e.g., "../") or absolute path sequences before building file paths.
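The third action above, shown as an added example in Python (the language PraisonAI is written in). This is not PraisonAI's code and does not reproduce the vulnerable MultiAgentMonitor routine: the state directory, file suffix and function names are assumptions. The unchecked function reproduces the CWE-22 shape the description attributes to the component; the hardened one applies a positive allowlist to the ID and then a containment check on the resulting path.

```python
import os
import re

# Hypothetical state directory and file suffix: assumptions for this example,
# not taken from the PraisonAI code base.
AGENT_STATE_DIR = "/var/lib/praisonai/agents"
STATE_SUFFIX = ".json"

# Allowlist: an agent ID is a short token of letters, digits, '-' and '_'.
# Anything else (slashes, dots, NUL, whitespace) is rejected outright.
AGENT_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


class InvalidAgentId(ValueError):
    """Raised when an agent ID fails validation or would leave the base directory."""


def vulnerable_agent_path(agent_id: str, base: str = AGENT_STATE_DIR) -> str:
    """The CWE-22 shape: the caller-supplied ID goes straight into the path.

    Kept deliberately unsafe to show what the hardened version prevents.
    """
    return os.path.join(base, agent_id + STATE_SUFFIX)


def escapes_base(path: str, base: str = AGENT_STATE_DIR) -> bool:
    """True if the normalised path lies outside base.

    commonpath is used instead of str.startswith so that a sibling such as
    '/var/lib/praisonai/agents2' is not mistaken for being inside base.
    """
    base = os.path.normpath(base)
    return os.path.commonpath([base, os.path.normpath(path)]) != base


def safe_agent_path(agent_id: str, base: str = AGENT_STATE_DIR) -> str:
    """Validate the ID, then confirm the built path still lies under base."""
    # 1. Positive validation on the identifier itself.
    if not AGENT_ID_RE.fullmatch(agent_id):
        raise InvalidAgentId(f"rejected agent id {agent_id!r}")
    # 2. Containment check on the result: defence in depth in case the
    #    allowlist is ever loosened. Both checks are lexical; when the base
    #    directory exists on disk, also pass it through os.path.realpath
    #    before comparing so symlinks inside it cannot point out of the tree.
    candidate = os.path.normpath(os.path.join(base, agent_id + STATE_SUFFIX))
    if escapes_base(candidate, base):
        raise InvalidAgentId(f"agent id {agent_id!r} escapes {base}")
    return candidate


def classify(agent_ids):
    """Return {id: ('ok', path) | ('rejected', reason)} for a batch of IDs."""
    results = {}
    for agent_id in agent_ids:
        try:
            results[agent_id] = ("ok", safe_agent_path(agent_id))
        except InvalidAgentId as exc:
            results[agent_id] = ("rejected", str(exc))
    return results


if __name__ == "__main__":
    # Constructed sample input: one benign ID and several traversal attempts.
    samples = ["agent-1", "../../../../etc/passwd", "/etc/passwd", "a/b", ".."]
    for agent_id in samples:
        unsafe = vulnerable_agent_path(agent_id)
        print(f"{agent_id!r}: unchecked -> {unsafe} (escapes base: {escapes_base(unsafe)})")
    for agent_id, verdict in classify(samples).items():
        print(f"{agent_id!r}: hardened -> {verdict}")
```

Note that the absolute-path case ("/etc/passwd") never reaches a ".." check at all: os.path.join discards the base when the second argument is absolute, which is why the allowlist on the identifier comes first and the containment check on the finished path comes second rather than either alone.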


Tracking


Advisories

No advisories yet.

History

Thu, 18 Jun 2026 23:00:00 +0000 (initial record: the Values Removed column is empty, all entries below are values added)

Description: PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of service, or code execution.
Title: PraisonAI - Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor
First Time appeared: Praison; Praison praisonai
Weaknesses: CWE-22
CPEs: cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*
Vendors & Products: Praison; Praison praisonai
References: (none)
Metrics:
  cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-18T22:12:25.447Z

Reserved: 2026-06-18T15:57:20.434Z

Link: CVE-2026-56078

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-19T01:30:16Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')