CVE-2026-40152
Received Received - Intake
Path Traversal in PraisonAIAgents FileTools Allows File Enumeration

Publication date: 2026-04-09

Last updated on: 2026-04-20

Assigner: GitHub, Inc.

Description
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files() tool in FileTools validates the directory parameter against workspace boundaries via _validate_path(), but passes the pattern parameter directly to Path.glob() without any validation. Since Python's Path.glob() supports .. path segments, an attacker can use relative path traversal in the glob pattern to enumerate arbitrary files outside the workspace, obtaining file metadata (existence, name, size, timestamps) for any path on the filesystem. This vulnerability is fixed in 1.5.128.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-20
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40152
EUVD
EUVD-2026-21174
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
praison praisonaiagents to 1.5.128 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the PraisonAIAgents multi-agent teams system prior to version 1.5.128. Specifically, the list_files() tool in FileTools validates the directory parameter properly but does not validate the pattern parameter before passing it to Python's Path.glob() function. Since Path.glob() supports relative path segments like '..', an attacker can exploit this by using relative path traversal in the glob pattern to access and enumerate files outside the intended workspace boundaries.

This allows the attacker to obtain metadata about arbitrary files on the filesystem, such as their existence, names, sizes, and timestamps.

Impact Analysis

This vulnerability can impact you by allowing an attacker to enumerate files outside the designated workspace, potentially exposing sensitive file metadata such as file names, sizes, and timestamps.

While the attacker does not gain direct access to file contents, the exposure of metadata can aid in further attacks or information gathering, potentially compromising system confidentiality.

Mitigation Strategies

To mitigate this vulnerability, upgrade PraisonAIAgents to version 1.5.128 or later, where the issue with unvalidated glob patterns allowing path traversal has been fixed.

Compliance Impact

This vulnerability allows an attacker to perform relative path traversal to enumerate arbitrary files outside the intended workspace, obtaining file metadata such as existence, name, size, and timestamps.

While the vulnerability exposes file metadata, it does not indicate direct access to file contents or sensitive personal data.

Therefore, the impact on compliance with standards like GDPR or HIPAA depends on whether the exposed metadata includes personal or protected health information.

If such metadata relates to personal or sensitive data, this could lead to non-compliance due to unauthorized information disclosure.

However, the provided information does not specify the nature of the files or data exposed, so the exact compliance impact cannot be determined from the available data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40152. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart