CVE-2026-40157
Path Traversal in PraisonAI Recipe CLI Allows Arbitrary File Overwrite
Publication date: 2026-04-10
Last updated on: 2026-04-24
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| praison | praisonai | to 4.5.128 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-40157 is a critical path traversal vulnerability in the PraisonAI package's `praisonai recipe unpack` command. The vulnerability occurs because the command extracts .praison tar archives without validating the paths of the files inside the archive.
Specifically, the extraction process does not check for dangerous path components like `..` or absolute paths, allowing an attacker to craft a malicious archive that can write files outside the intended extraction directory.
When a victim runs the vulnerable unpack command on such a malicious archive, arbitrary files anywhere on the filesystem where the user has write permissions can be overwritten, including sensitive files like shell configuration files, cron jobs, SSH authorized keys, or project files.
This vulnerability is fixed in version 4.5.128 by replacing the unsafe extraction code with a safe extraction function that validates paths to prevent path traversal.
How can this vulnerability impact me? :
This vulnerability can have severe impacts because it allows an attacker to overwrite arbitrary files on your filesystem when you run the vulnerable unpack command.
- An attacker can overwrite critical system or user files such as shell configuration files (.bashrc, .zshrc), which can be used to execute malicious code when you start a shell.
- They can modify cron jobs to schedule malicious tasks.
- They can alter SSH authorized keys to gain unauthorized access.
- They can overwrite important project files, potentially corrupting your work or injecting malicious code.
Overall, this can lead to system compromise, data loss, or unauthorized access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the usage of the `praisonai recipe unpack` command and checking if it is extracting .praison tar archives without proper path validation.
One way to detect exploitation attempts is to look for unusual file writes outside the intended extraction directory, especially files with path traversal sequences like `../../` in their paths.
You can search for recently modified files outside expected directories that coincide with the time of running `praisonai recipe unpack`.
Suggested commands include:
- Check for suspicious files created or modified outside the expected extraction directory, for example: `find /target/directory -type f -mtime -1` to find files modified in the last day.
- Audit command history for usage of `praisonai recipe unpack`: `grep 'praisonai recipe unpack' ~/.bash_history`.
- Inspect tar archives before extraction for path traversal entries using: `tar -tf archive.praison | grep '\.\./'`.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-40157 allows an attacker to overwrite arbitrary files on the victim's filesystem by exploiting a path traversal vulnerability in the PraisonAI recipe unpack command. This can lead to unauthorized modification of sensitive files such as shell configuration files, cron jobs, SSH authorized keys, or project files.
Such unauthorized file modifications can compromise system integrity and confidentiality, potentially leading to data breaches or unauthorized access to sensitive information.
Therefore, this vulnerability can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of data integrity, confidentiality, and system security to prevent unauthorized access or data manipulation.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade PraisonAI to version 4.5.128 or later, where the vulnerability is fixed by replacing the unsafe extraction code with a safe extraction function that validates archive member paths.
Until the upgrade is applied, avoid running `praisonai recipe unpack` on untrusted or unauthenticated .praison bundles to prevent arbitrary file overwrites.
Additionally, monitor your system for any suspicious file modifications or unexpected behavior that could indicate exploitation.