CVE-2026-61431
Received Received - Intake

Path Traversal in PraisonAI ContextGatherer

Vulnerability report for CVE-2026-61431, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulnCheck

Description

PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute paths or parent directory traversal sequences to read arbitrary files outside the workspace and include their contents in the generated context bundle.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
praisonai praisonai to 4.6.78 (exc)
mervinpraison praisonai From 2.3.10 (inc) to 4.6.63 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-61431 is a path traversal vulnerability in PraisonAI versions before 4.6.78, specifically in the ContextGatherer component. This component fails to properly validate include paths in .praisoncontext and .praisoninclude files, allowing attackers to supply absolute paths or directory traversal sequences (like "../") to read arbitrary files outside the intended workspace.

As a result, attackers can include the contents of these external files in the generated context bundle, potentially exposing sensitive information.

Compliance Impact

The vulnerability in PraisonAI's ContextGatherer allows attackers to read arbitrary files outside the intended workspace, potentially disclosing sensitive files such as source code, configuration files, logs, or API keys.

This unauthorized disclosure of sensitive information could impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls over the confidentiality and protection of personal and sensitive data.

Since the vulnerability leads to confidentiality breaches by exposing sensitive files to untrusted parties or external models, organizations using affected versions of PraisonAI may face risks related to regulatory compliance if such data includes personal or protected health information.

Impact Analysis

This vulnerability can impact you by allowing unauthorized reading of arbitrary files outside the workspace, which may include sensitive files such as source code, configuration files, logs, or API keys.

The impact is primarily on confidentiality, as attackers can gain access to sensitive information. However, it does not allow arbitrary write operations or command execution.

The severity is rated as Medium under a local or workspace threat model, but it could be more severe in environments where context is automatically gathered from untrusted repositories and sent to third-party models.

Detection Guidance

Detection of this vulnerability involves checking for the presence of .praisoncontext and .praisoninclude files that contain absolute paths or directory traversal sequences such as "../" which can lead to reading files outside the intended workspace.

You can manually inspect these files for suspicious include paths or use commands to search for traversal patterns.

  • Use grep or similar tools to find traversal sequences in project files: grep -rE '\.praisoncontext|\.praisoninclude' . | xargs grep -E '\.\./|^/'
  • Check for absolute paths in these files: grep -rE '\.praisoncontext|\.praisoninclude' . | xargs grep '^/'

Monitoring logs or context bundle generation for unexpected inclusion of files outside the workspace may also help detect exploitation attempts.

Mitigation Strategies

The primary mitigation step is to upgrade PraisonAI to version 4.6.78 or later, where the vulnerability has been patched.

Additionally, ensure that .praisoncontext and .praisoninclude files do not contain absolute paths or directory traversal sequences that could lead to reading files outside the workspace.

Implement strict path validation to reject absolute paths and traversal attempts in these include files.

If upgrading immediately is not possible, restrict access to the ContextGatherer component and monitor for suspicious activity involving context bundle generation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61431. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart