Compliance Impact

The vulnerability allows an attacker to write arbitrary files outside the configured workspace, potentially overwriting sensitive system files or dropping executable payloads. This can lead to unauthorized modification of system files and possible remote code execution.

Such unauthorized file modifications and potential system compromise can impact the integrity and availability of systems handling sensitive data, which may affect compliance with standards like GDPR and HIPAA that require protection of data integrity and system security.

However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-39305 is a critical Path Traversal vulnerability in the Action Orchestrator feature of the PraisonAI system. It allows an attacker or a compromised agent to write files outside the intended workspace directory by using relative path segments like '../' in the target file path.

This happens because the software does not properly validate or resolve the absolute path of the target file, enabling malicious actions to overwrite arbitrary files on the host system.

Such actions can include overwriting sensitive system files or dropping executable payloads, potentially leading to severe consequences like remote code execution or system corruption.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized modification of critical system files and dropping of malicious executable payloads on the host.

• An attacker can overwrite files such as ~/.ssh/authorized_keys or .bashrc, which can lead to Remote Code Execution (RCE).
• System integrity can be compromised, causing corruption or instability.
• Availability of the system can be affected due to the high impact on system files.

The vulnerability requires no privileges and no user interaction, making it easier for attackers to exploit if they have local access.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the praisonai package version is 4.5.112 or earlier, as these versions contain the vulnerable Action Orchestrator feature.

Additionally, detection can involve inspecting the file paths used by the Action Orchestrator, specifically looking for relative path traversal sequences (../) in the target paths that are used to write files.

A proof-of-concept involves crafting an ActionStep payload with target paths containing multiple ../ segments to write files outside the workspace directory.

While no specific commands are provided, you can check the installed praisonai version with a command like:

• pip show praisonai

You can also search for suspicious files created outside the workspace directory, for example by running:

• find /tmp -name 'orchestrator_pwned.txt'

Monitoring logs or file system changes for unexpected file writes outside the configured workspace directory may help detect exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the praisonai package to version 4.5.113 or later, where this vulnerability has been fixed.

Until the upgrade can be applied, restrict access to the Action Orchestrator feature and avoid running untrusted or malicious actions that could exploit the path traversal flaw.

Additionally, review and harden file system permissions to limit the ability of the praisonai process to write outside its intended workspace directory.

Useful 0 Not Useful 0