Path Traversal Vulnerability in PraisonAI by Mervin Praison
CVE-2026-61431

6.8MEDIUM

Key Information:

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-61431?

PraisonAI before version 4.6.78 is susceptible to a path traversal vulnerability within the ContextGatherer component. This flaw arises from inadequate validation of include paths in .praisoncontext and .praisoninclude files. As a result, attackers may exploit this vulnerability to input absolute paths or utilize parent directory traversal sequences, thereby gaining unauthorized access to arbitrary files outside the designated workspace. This can lead to the inclusion of sensitive data in the generated context bundle, posing significant security risks.

Affected Version(s)

PraisonAI 0 < 4.6.78

PraisonAI 4.6.78

References

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rexpository
.