Path Traversal Vulnerability in PraisonAI by Mervin Praison
CVE-2026-61431
6.8MEDIUM
What is CVE-2026-61431?
PraisonAI before version 4.6.78 is susceptible to a path traversal vulnerability within the ContextGatherer component. This flaw arises from inadequate validation of include paths in .praisoncontext and .praisoninclude files. As a result, attackers may exploit this vulnerability to input absolute paths or utilize parent directory traversal sequences, thereby gaining unauthorized access to arbitrary files outside the designated workspace. This can lead to the inclusion of sensitive data in the generated context bundle, posing significant security risks.
Affected Version(s)
PraisonAI 0 < 4.6.78
PraisonAI 4.6.78
