Path Traversal Vulnerability in PraisonAI FastContext Before Version 1.6.78
CVE-2026-61432

6.9MEDIUM

Key Information:

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-61432?

The FastContext feature in PraisonAI, prior to version 1.6.78, has a vulnerability that allows attackers to exploit inadequate containment of workspace paths. By providing absolute paths or utilizing '../' traversal sequences in tool arguments or model-generated function calls—such as grep_search, glob_search, read_file, or list_directory—an attacker can retrieve and enumerate files outside the designated workspace directory. This flaw compromises the integrity of file access controls, potentially exposing sensitive data or allowing for injection of malicious data into the model's context.

Affected Version(s)

PraisonAI 0 < 1.6.78

PraisonAI 1.6.78

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rexpository
.