Compliance Impact

The vulnerability allows unauthorized access to any file on the system, including sensitive files such as /etc/passwd, /etc/shadow, and private SSH keys. This unauthorized access to sensitive data can lead to breaches of confidentiality.

Such breaches of confidentiality can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive personal and health information against unauthorized access.

Because the vulnerability enables remote exploitation without privileges or user interaction, it poses a critical risk to data confidentiality, which is a core requirement in these regulations.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-35615 is a critical path traversal vulnerability in the PraisonAI multi-agent teams system, specifically in the _validate_path() function of the FileTools component. The function attempts to prevent path traversal by normalizing file paths using os.path.normpath() and then checking for the substring '..' in the normalized path. However, since os.path.normpath() collapses '..' sequences before the check, the check always passes and fails to detect traversal attempts.

Additionally, the function uses os.path.abspath() but does not resolve symbolic links, which allows attackers to exploit symlink-based traversal. This flaw enables attackers who can specify file paths in file operations to bypass protections and access any file on the system, including sensitive files like /etc/passwd, /etc/shadow, and private SSH keys.

The vulnerability is fixed in version 1.5.113 by checking for '..' in the original input path before normalization and resolving symbolic links.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an attacker to perform unauthorized path traversal attacks, enabling them to access any file on the affected system without any privileges or user interaction.

• Unauthorized reading of sensitive files such as /etc/passwd, /etc/shadow, and private SSH keys.
• Potential arbitrary file writes if combined with write operations, leading to further system compromise.

Because the attack vector is network-based and requires no privileges or user interaction, the risk is high and can lead to significant confidentiality breaches.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by testing whether the _validate_path() function improperly allows path traversal by collapsing '..' sequences before checking for them, which can be verified by attempting to access sensitive files using crafted paths.

A practical detection method is to attempt to read sensitive files such as /etc/passwd using path traversal sequences like '/tmp/../etc/passwd' through the vulnerable file operation interfaces (e.g., read_file). If the system returns the contents without error, it indicates the vulnerability is present.

Since the vulnerability is in the praisonai package's FileTools component, you can check the version of PraisonAI installed; versions prior to 1.5.113 are vulnerable.

Specific commands depend on the environment, but a conceptual example in a Python environment using the vulnerable function might be:

• Call _validate_path('/tmp/../etc/passwd') and check if it returns '/etc/passwd' without raising an error.
• Attempt to read the file at the returned path to confirm unauthorized access.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade PraisonAI to version 1.5.113 or later, where the vulnerability is fixed.

The fix involves changing the _validate_path() function to check for '..' in the original input path before normalization and resolving symbolic links to prevent symlink-based traversal.

Until the upgrade is applied, restrict access to the vulnerable file operation interfaces to trusted users only, and monitor for suspicious file access attempts.

Useful 0 Not Useful 0