Skip to main content

PraisonAI EUVDEUVD-2026-42897

| CVE-2026-61431 MEDIUM
Path Traversal (CWE-22)
2026-07-10 VulnCheck GHSA-w37c-cq55-frjp
6.8
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.5 MEDIUM

Local vector with required user interaction to process workspace files; no integrity or availability impact, only high confidentiality loss.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 16:02 vuln.today

DescriptionCVE.org

PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute paths or parent directory traversal sequences to read arbitrary files outside the workspace and include their contents in the generated context bundle.

AnalysisAI

Path traversal in PraisonAI's ContextGatherer component (all versions before 4.6.78) allows an attacker who can supply or manipulate .praisoncontext or .praisoninclude files to read arbitrary files outside the intended workspace directory, including sensitive system files accessible to the user running PraisonAI. The vulnerability stems from a complete absence of path validation before file inclusion, permitting both absolute paths and relative traversal sequences. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Place malicious .praisoncontext or .praisoninclude in target workspace
Delivery
Victim invokes PraisonAI context gathering
Exploit
ContextGatherer resolves unvalidated traversal path
Execution
Arbitrary local file read succeeds
Persist
Sensitive file contents embedded in context bundle
Impact
Data exfiltrated via AI API call or log exposure

Vulnerability AssessmentAI

Exploitation Exploitation requires that a victim run PraisonAI's ContextGatherer against a workspace containing a .praisoncontext or .praisoninclude file that has been planted or modified by the attacker to include absolute paths or parent-directory traversal sequences. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 6.8 (Medium) reflects a meaningful but constrained threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker embeds a malicious .praisoninclude file containing an absolute path such as /etc/passwd or a traversal sequence like ../../../../home/user/.ssh/id_rsa in a shared project repository or contributed workspace. When a developer or automated CI pipeline runs PraisonAI context gathering against that repository, ContextGatherer reads and incorporates the sensitive file contents into the generated context bundle, which may then be transmitted to an external AI API endpoint, written to logs, or returned to the attacker if they control the downstream context consumer. …
Remediation Upgrade PraisonAI to version 4.6.78 or later; this is the vendor-confirmed fix version per the CVE description. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-61447 CRITICAL
10.0 Jul 11

Remote code execution in PraisonAI before 1.6.78 allows attackers to run arbitrary Python on the host by manipulating th

CVE-2026-61445 CRITICAL
9.4 Jul 11

Root-level command execution and arbitrary file write in PraisonAI's AICoder component (all versions before 4.6.78) let

CVE-2026-40157 CRITICAL
9.4 Apr 10

Path traversal in PraisonAI multi-agent teams system (versions prior to 4.5.128) enables arbitrary file overwrite throug

CVE-2026-61444 CRITICAL
9.4 Jul 10

Remote code execution in PraisonAI before 4.6.78 lets an attacker who can supply the agents_file parameter to deploy/api

CVE-2026-60090 CRITICAL
9.3 Jul 11

SQL/CQL injection in PraisonAI's PGVector and Cassandra knowledge-store backends before 4.6.78 allows a caller who contr

CVE-2026-40151 MEDIUM POC
5.3 Apr 09

PraisonAI AgentOS prior to version 4.5.128 exposes agent metadata including names, roles, and system instruction snippet

CVE-2026-40154 CRITICAL
9.3 Apr 09

Remote code execution in PraisonAI multi-agent framework (versions prior to 4.5.128) allows unauthenticated attackers to

CVE-2026-40289 CRITICAL
9.1 Apr 14

Unauthenticated remote session hijacking in PraisonAI's browser bridge (versions <4.5.139) and praisonaiagents (<1.5.140

CVE-2026-61426 HIGH
8.8 Jul 11

Unauthenticated agent access in PraisonAI before 1.7.3 lets remote attackers read agent instructions and system prompts

CVE-2026-61436 HIGH
8.8 Jul 15

Webhook signature-verification bypass in PraisonAI before 4.6.78 lets unauthenticated attackers forge Svix 'message.rece

CVE-2026-61435 HIGH
8.8 Jul 15

Authentication bypass in PraisonAI before 4.6.78 lets a remote, unauthenticated attacker reach the Call API agent-invoca

CVE-2026-61439 HIGH
8.7 Jul 11

System prompt extraction and unauthorized tool invocation in PraisonAI before 4.6.78 arise because the prompt-injection

Share

EUVD-2026-42897 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy