Path Traversal Vulnerability in PraisonAI by Mervin Praison
CVE-2026-60088
6.8MEDIUM
What is CVE-2026-60088?
PraisonAI versions prior to 4.6.78 contain a path traversal vulnerability due to inadequate validation of file path references in custom command templates. This flaw allows malicious actors to exploit the system by injecting path traversal sequences, enabling them to access files outside of the designated workspace. By incorporating these sequences into project command files, attackers can exfiltrate sensitive files into model prompts, thus compromising data integrity and confidentiality. Users of PraisonAI are encouraged to update to the latest version to mitigate this risk.
Affected Version(s)
PraisonAI 0 < 4.6.78
PraisonAI 4.6.78
