Path Traversal Vulnerability in PraisonAI by Mervin Praison
CVE-2026-60088

6.8MEDIUM

Key Information:

Status
Vendor
CVE Published:
11 July 2026

What is CVE-2026-60088?

PraisonAI versions prior to 4.6.78 contain a path traversal vulnerability due to inadequate validation of file path references in custom command templates. This flaw allows malicious actors to exploit the system by injecting path traversal sequences, enabling them to access files outside of the designated workspace. By incorporating these sequences into project command files, attackers can exfiltrate sensitive files into model prompts, thus compromising data integrity and confidentiality. Users of PraisonAI are encouraged to update to the latest version to mitigate this risk.

Affected Version(s)

PraisonAI 0 < 4.6.78

PraisonAI 4.6.78

References

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rexpository
.