CVE-2026-39305
Path Traversal in PraisonAI Action Orchestrator Allows Arbitrary File Write
Publication date: 2026-04-07
Last updated on: 2026-04-16
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| praison | praisonai | to 4.5.112 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-39305 is a critical Path Traversal vulnerability in the Action Orchestrator feature of the PraisonAI system. It allows an attacker or a compromised agent to write files outside the intended workspace directory by using relative path segments like '../' in the target file path.
This happens because the software does not properly validate or resolve the absolute path of the target file, enabling malicious actions to overwrite arbitrary files on the host system.
Such actions can include overwriting sensitive system files or dropping executable payloads, potentially leading to severe consequences like remote code execution or system corruption.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized modification of critical system files and dropping of malicious executable payloads on the host.
- An attacker can overwrite files such as ~/.ssh/authorized_keys or .bashrc, which can lead to Remote Code Execution (RCE).
- System integrity can be compromised, causing corruption or instability.
- Availability of the system can be affected due to the high impact on system files.
The vulnerability requires no privileges and no user interaction, making it easier for attackers to exploit if they have local access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the praisonai package version is 4.5.112 or earlier, as these versions contain the vulnerable Action Orchestrator feature.
Additionally, detection can involve inspecting the file paths used by the Action Orchestrator, specifically looking for relative path traversal sequences (../) in the target paths that are used to write files.
A proof-of-concept involves crafting an ActionStep payload with target paths containing multiple ../ segments to write files outside the workspace directory.
While no specific commands are provided, you can check the installed praisonai version with a command like:
- pip show praisonai
You can also search for suspicious files created outside the workspace directory, for example by running:
- find /tmp -name 'orchestrator_pwned.txt'
Monitoring logs or file system changes for unexpected file writes outside the configured workspace directory may help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the praisonai package to version 4.5.113 or later, where this vulnerability has been fixed.
Until the upgrade can be applied, restrict access to the Action Orchestrator feature and avoid running untrusted or malicious actions that could exploit the path traversal flaw.
Additionally, review and harden file system permissions to limit the ability of the praisonai process to write outside its intended workspace directory.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an attacker to write arbitrary files outside the configured workspace, potentially overwriting sensitive system files or dropping executable payloads. This can lead to unauthorized modification of system files and possible remote code execution.
Such unauthorized file modifications and potential system compromise can impact the integrity and availability of systems handling sensitive data, which may affect compliance with standards like GDPR and HIPAA that require protection of data integrity and system security.
However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.