CVE-2026-39308: Arbitrary File Write via Path Traversal in PraisonAI Recipe Registry
Vulnerability ID: CVE-2026-39308
CVSS Score: 7.1
Published: 2026-04-06
PraisonAI versions prior to 4.5.113 contain an improper path limitation (path traversal) vulnerability in the recipe registry publish endpoint. An attacker can craft a malicious recipe bundle whose internal manifest contains directory traversal sequences, causing files to be written outside the designated registry root directory. Because the endpoint validates the request only after the files have already been written, this path traversal flaw (CVSS 7.1, High) yields arbitrary file write on the hosting server.
TL;DR
A path traversal vulnerability in PraisonAI's recipe registry allows attackers to achieve arbitrary file write by uploading crafted manifests, exploiting an insecure order of operations where files are written before validation occurs.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-22
- Attack Vector: Network
- CVSS Base Score: 7.1
- Impact: Arbitrary File Write
- Exploit Maturity: Proof-of-Concept
- CISA KEV Listed: False
Affected Systems
- PraisonAI Multi-Agent System
- PraisonAI Recipe Registry
- PraisonAI: < 4.5.113 (fixed in 4.5.113)
Code Analysis
Commit: 0cb35a4
Security patch for path traversal and tar slip
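The advisory's core point is an order-of-operations bug: bundle members were written to disk before the manifest paths were validated, so a traversal sequence (classic "tar slip") landed a file outside the registry root. The following is an added example, not PraisonAI's code or its actual fix, showing the defensive pattern a registry should use: resolve every member path against the root and reject the whole bundle before a single byte is written. The bundle format (a tar archive), the registry root location and all function names are assumptions for illustration; the sample bundles are constructed in memory.

```python
"""Validate-before-write handling of a recipe bundle (added example).

Assumptions (not from the advisory): a recipe bundle is a tar archive whose
members are written under a registry root. Function names are hypothetical.
"""
import io
import os
import tarfile
import tempfile
from pathlib import Path


class UnsafeBundleError(ValueError):
    """Raised when any bundle member would land outside the registry root."""


def member_is_contained(root: str, name: str) -> bool:
    """True only if `name`, joined to `root` and fully resolved, stays under root."""
    if os.path.isabs(name) or name.startswith(("/", "\\")):
        return False
    root_resolved = Path(root).resolve()
    dest = (root_resolved / name).resolve()  # collapses ../ and follows symlinks
    try:
        dest.relative_to(root_resolved)
    except ValueError:
        return False
    return True


def validate_bundle(tar: tarfile.TarFile, root: Path) -> list[tuple[tarfile.TarInfo, Path]]:
    """First pass over ALL members; raises before anything touches the filesystem."""
    plan = []
    for member in tar.getmembers():
        # Links and device nodes are other well-known escape routes: refuse them outright.
        if not (member.isfile() or member.isdir()):
            raise UnsafeBundleError(f"unsupported member type: {member.name!r}")
        if not member_is_contained(str(root), member.name):
            raise UnsafeBundleError(f"member escapes registry root: {member.name!r}")
        plan.append((member, (root.resolve() / member.name).resolve()))
    return plan


def publish_bundle(bundle_bytes: bytes, root: Path) -> list[str]:
    """Validate the complete bundle, then write it. Returns paths written, relative to root."""
    root.mkdir(parents=True, exist_ok=True)
    with tarfile.open(fileobj=io.BytesIO(bundle_bytes), mode="r:*") as tar:
        plan = validate_bundle(tar, root)  # the vulnerable ordering did this AFTER writing
        written = []
        for member, dest in plan:
            if member.isdir():
                dest.mkdir(parents=True, exist_ok=True)
                continue
            dest.parent.mkdir(parents=True, exist_ok=True)
            with open(dest, "wb") as out:
                out.write(tar.extractfile(member).read())
            written.append(str(dest.relative_to(root.resolve())))
    return written


def build_bundle(files: dict[str, bytes]) -> bytes:
    """Construct an in-memory tar bundle; member names are stored verbatim (helper for the demo)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo() -> dict:
    """Publish one benign and one constructed traversal bundle; report what reached disk."""
    tmp = Path(tempfile.mkdtemp())
    root = tmp / "registry"
    written = publish_bundle(build_bundle({"recipes/hello.praison": b"name: hello\n"}), root)
    # Constructed malicious bundle: a benign member first, then a traversal member.
    # With validate-first semantics, neither member may be written.
    bad = build_bundle({"recipes/ok.praison": b"x", "../escaped.praison": b"evil"})
    error = ""
    try:
        publish_bundle(bad, root)
    except UnsafeBundleError as exc:
        error = str(exc)
    files_after = sorted(str(p.relative_to(root)) for p in root.rglob("*") if p.is_file())
    return {
        "written": written,
        "error": error,
        "files_after": files_after,
        "escaped_exists": (tmp / "escaped.praison").exists(),
    }


if __name__ == "__main__":
    print(demo())
```

The check deliberately resolves the destination with the filesystem (`Path.resolve()`) rather than only normalising the string, so a pre-existing symlink inside the root that points elsewhere is caught as well; and because `validate_bundle` walks every member before `publish_bundle` writes anything, a bundle that mixes legitimate recipes with one traversal entry leaves no partial state behind.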
Mitigation Strategies
- Upgrade to PraisonAI >= 4.5.113
- Implement strict network access control on the publish endpoint
- Run the application with least privilege filesystem permissions
Remediation Steps:
- Verify the current PraisonAI version: pip show praisonai
- Update the package: pip install --upgrade "praisonai>=4.5.113" (the version specifier is quoted so the shell does not treat > as a redirect)
- Restart the PraisonAI registry service to ensure the new code is loaded
- Audit the filesystem for unauthorized files ending in .praison outside the registry root
References
- NVD - CVE-2026-39308
- GitHub Security Advisory GHSA-r9x3-wx45-2v7f
- Fix Commit: 0cb35a4fe3cc8549074d0efe228c947cc35a8dfd
- PraisonAI Release v4.5.113