Path Traversal Vulnerability in PraisonAI FastContext Before Version 1.6.78
CVE-2026-61432
6.9MEDIUM
What is CVE-2026-61432?
The FastContext feature in PraisonAI, prior to version 1.6.78, has a vulnerability that allows attackers to exploit inadequate containment of workspace paths. By providing absolute paths or utilizing '../' traversal sequences in tool arguments or model-generated function calls—such as grep_search, glob_search, read_file, or list_directory—an attacker can retrieve and enumerate files outside the designated workspace directory. This flaw compromises the integrity of file access controls, potentially exposing sensitive data or allowing for injection of malicious data into the model's context.
Affected Version(s)
PraisonAI 0 < 1.6.78
PraisonAI 1.6.78
