Which versions of Praisonai are affected by CVE-2026-40157?

PraisonAI versions below 4.5.128 contain a critical path traversal vulnerability in archive extraction that allows unauthenticated attackers to overwrite arbitrary system files when users unpack…. A patch is available.

How to fix or mitigate CVE-2026-40157?

Within 24 hours: Inventory all PraisonAI deployments and identify version numbers; alert users to cease unpacking .praison bundles from untrusted sources and enforce bundle source verification. Within 7 days: Implement file integrity monitoring on systems running PraisonAI and configure network controls to restrict outbound connections from PraisonAI processes. Within 30 days: Upgrade to PraisonAI 4.5.128 or later when available, or migrate to alternative multi-agent frameworks; establish a mandatory code review process for all recipe bundles before unpacking.

Praisonai CVE-2026-40157

Q: What is the CVSS score of CVE-2026-40157?

CVE-2026-40157 has a CVSS 4.0 base score of 9.4 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-21509 CRITICAL

Path Traversal (CWE-22)

2026-04-10 GitHub_M

GHSA-99g3-w8gr-x37c

Path Traversal Praisonai

9.4

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.4 CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 24, 2026 - 15:22 vuln.today

cvss_changed

Patch released

Apr 10, 2026 - 20:30 nvd

Patch available

EUVD ID Assigned

Apr 10, 2026 - 17:15 euvd

EUVD-2026-21509

Analysis Generated

Apr 10, 2026 - 17:15 vuln.today

CVE Published

Apr 10, 2026 - 16:47 nvd

CRITICAL 9.4

DescriptionGitHub Advisory

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives using raw tar.extract() without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who distributes a malicious bundle can overwrite arbitrary files on the victim's filesystem when they run praisonai recipe unpack. This vulnerability is fixed in 4.5.128.

AnalysisAI

Path traversal in PraisonAI multi-agent teams system (versions prior to 4.5.128) enables arbitrary file overwrite through malicious .praison archive bundles. The cmd_unpack function in recipe CLI performs unvalidated tar extraction, allowing attackers to embed ../ path sequences that escape the intended extraction directory. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Distribute malicious .praison tar archive

Delivery

Victim runs praisonai recipe unpack command

Exploit

Extract without path validation

Execution

Traversal writes files outside directory

Impact

Arbitrary file overwrite on filesystem