Skip to main content

Praisonai EUVD-2026-21166

| CVE-2026-40148 MEDIUM
Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)
2026-04-09 GitHub_M GHSA-f2h6-7xfr-xm8w
Path Traversal Praisonai
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Apr 10, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 09, 2026 - 21:45 euvd
EUVD-2026-21166
Analysis Generated
Apr 09, 2026 - 21:45 vuln.today
CVE Published
Apr 09, 2026 - 21:22 nvd
MEDIUM 6.5

DescriptionGitHub Advisory

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall(). An attacker can publish a malicious recipe bundle containing highly compressible data (e.g., 10GB of zeros compressing to ~10MB) that exhausts the victim's disk when pulled via LocalRegistry.pull() or HttpRegistry.pull(). This vulnerability is fixed in 4.5.128.

AnalysisAI

Disk exhaustion in PraisonAI prior to 4.5.128 allows remote attackers to consume arbitrary disk space by publishing malicious recipe bundles containing highly compressible data that expand dramatically during extraction. The vulnerability exists in the _safe_extractall() function, which validates only path traversal attacks but lacks checks on individual member sizes, cumulative extracted size, or member count before tar extraction, enabling an unauthenticated attacker to trigger denial of service via LocalRegistry.pull() or HttpRegistry.pull() with minimal user interaction.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment The CVSS score of 6.5 (Medium) with network vector (AV:N), low complexity (AC:L), and no privilege requirement (PR:N) reflects remote exploitability with minimal attacker effort. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker publishes a malicious recipe bundle to a public or internal recipe registry containing a highly compressible file (e.g., a 10GB archive of zeros compressed to approximately 10MB). When a developer or automated process executes LocalRegistry.pull() or HttpRegistry.pull() to fetch this recipe, the _safe_extractall() function extracts the archive without size validation, causing the system's disk to fill completely and triggering denial of service. …
Remediation Vendor-released patch: Upgrade PraisonAI to version 4.5.128 or later, which implements resource validation checks in the _safe_extractall() function to enforce limits on individual member sizes, cumulative extracted size, and member count before tar extraction. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-21166 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy