CVE-2026-61432
Received Received - Intake

Path Traversal in PraisonAI FastContext Feature

Vulnerability report for CVE-2026-61432, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulnCheck

Description

PraisonAI (praisonaiagents) before 1.6.78 contains a path traversal vulnerability in the FastContext feature (praisonaiagents.context.fast). FastContextAgent.execute_tool() prepends the configured workspace_path only for relative paths and neither rejects absolute paths nor canonicalizes joined paths before enforcing workspace containment. As a result, tool arguments or model-generated function calls to grep_search, glob_search, read_file, or list_directory can supply absolute paths or '../' traversal sequences to read, search, and enumerate files outside the intended workspace directory, with file contents returned to the caller or injected into the model's tool-result context.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
praisonai praisonaiagents to 1.6.78 (exc)
praisonai praisonaiagents From 0 (inc) to 1.6.63 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The path traversal vulnerability in PraisonAI FastContext allows unauthorized reading and enumeration of files outside the intended workspace directory. This unauthorized access could lead to disclosure of sensitive files such as source code, logs, configuration files, or credentials.

Such unauthorized disclosure of sensitive or personal data can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on access to protected data and mandate safeguarding sensitive information against unauthorized access.

Executive Summary

This vulnerability is a path traversal issue in PraisonAI's FastContext feature before version 1.6.78. The problem lies in the FastContextAgent.execute_tool() function, which only prepends the configured workspace_path for relative paths but does not reject absolute paths or canonicalize joined paths before enforcing workspace containment.

As a result, attackers can supply absolute paths or '../' traversal sequences in tool arguments or model-generated function calls such as grep_search, glob_search, read_file, or list_directory. This allows them to read, search, and enumerate files outside the intended workspace directory.

The unauthorized file contents can then be returned to the caller or injected into the model's tool-result context, potentially exposing sensitive information.

Impact Analysis

This vulnerability can allow an attacker to access files outside the intended workspace directory, including sensitive files such as source code, logs, configuration files, or credentials.

By exploiting this path traversal, attackers can read, search, and enumerate files that should be protected, potentially leading to unauthorized disclosure of confidential information.

The exposed file contents may be returned directly to the attacker or injected into the model's tool-result context, increasing the risk of data leakage.

Detection Guidance

This vulnerability involves path traversal in the FastContext feature of PraisonAI, allowing reading files outside the intended workspace by supplying absolute paths or '../' sequences in tool arguments.

To detect exploitation attempts on your system, you can monitor logs or tool usage for calls to FastContextAgent.execute_tool() that include absolute paths or path traversal sequences in arguments to functions like grep_search, glob_search, read_file, or list_directory.

Specific commands to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade PraisonAI praisonaiagents to version 1.6.78 or later, where the vulnerability has been patched by implementing strict workspace containment checks for all path arguments.

Until the upgrade can be applied, avoid running untrusted or lower-trust prompts or callers that could supply malicious path arguments to FastContextAgent.execute_tool() functions such as grep_search, glob_search, read_file, or list_directory.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61432. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart