Home

Description

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outside_secret.txt or absolute paths in project command files to exfiltrate process-readable files into model prompts.

PUBLISHED Reserved 2026-07-08 | Published 2026-07-11 | Updated 2026-07-13 | Assigner VulnCheck




MEDIUM: 6.8CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

Any version before 4.6.78
affected

4.6.78 (semver)
unaffected

Credits

rexpository reporter

References

github.com/...isonAI/security/advisories/GHSA-xpx6-x8c2-mw5w exploit

github.com/...isonAI/security/advisories/GHSA-xpx6-x8c2-mw5w (GitHub Security Advisory (GHSA-xpx6-x8c2-mw5w)) vendor-advisory

github.com/...ommit/3aa9cbc2bd49c23a32be0a89a5e620d13d843eab patch

www.vulncheck.com/...fore-path-traversal-via-custom-commands (VulnCheck Advisory: PraisonAI before 4.6.78 Path Traversal via Custom Commands) third-party-advisory

cve.org (CVE-2026-60088)

nvd.nist.gov (CVE-2026-60088)

Download JSON