CVE-2026-35615: Critical Path Traversal in PraisonAI FileTools
Vulnerability ID: CVE-2026-35615
CVSS Score: 9.2
Published: 2026-04-06
PraisonAI prior to version 4.5.113 contains a critical path traversal vulnerability in the FileTools component. The vulnerability arises from an incorrect order of operations during path normalization, allowing unauthenticated remote attackers to read or write arbitrary files on the host system.
TL;DR
A logic error in PraisonAI's path validation allows attackers to bypass sandbox restrictions and access arbitrary files on the host system. Updating to version 4.5.113 resolves the issue.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-22
- Attack Vector: Network
- CVSS Score: 9.2
- Authentication: None Required
- Exploit Status: Public PoC Available
- CISA KEV: Not Listed
Affected Systems
- PraisonAI
-
PraisonAI: < v4.5.113 (Fixed in:
v4.5.113)
Mitigation Strategies
- Upgrade PraisonAI to v4.5.113 or later.
- Ensure path validation checks raw input before normalization functions are applied.
- Enforce strict base-directory prefixes using absolute path comparison.
- Run the PraisonAI application with least-privilege file system permissions.
Remediation Steps:
- Identify all instances of PraisonAI within the infrastructure.
- Check the current running version. If prior to v4.5.113, flag for update.
- Download and install PraisonAI v4.5.113.
- Restart the PraisonAI services.
- Validate the patch by running the provided PoC script against a test tool endpoint.
References
- GitHub Security Advisory GHSA-693f-pf34-72c5
- PraisonAI v4.5.113 Release Notes
- PT Security dbugs PT-2026-30763
- OSV.dev Advisory
Read the full report for CVE-2026-35615 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)