CVE-2026-40157

CRITICAL

PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack`

Title source: cna

Description

PraisonAI is a multi-agent teams system. Prior to 4.5.128, `cmd_unpack` in the recipe CLI extracts `.praison` tar archives with a raw `tar.extract()` call and never validates archive member paths. A `.praison` bundle containing entries whose names include `../` components will therefore write files outside the intended output directory. An attacker who distributes a malicious bundle can overwrite arbitrary files on the victim's filesystem, with the privileges of the user running the command, as soon as the victim runs `praisonai recipe unpack` on it. The vulnerability is fixed in 4.5.128.

Scores

CVSS v4 9.4
EPSS 0.0006
EPSS Percentile 17.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (2)
MervinPraison/PraisonAI < 4.5.128
pypi/PraisonAI 2.7.2 - 4.5.128 (PyPI; 4.5.128 is the fixed release, so the upper bound is exclusive)
Published Apr 10, 2026
Tracked Since Apr 10, 2026