LeakyCreds

CVE-2026-39305 - Vulnerability Analysis

Critical | CVSS: 9.0

Last Updated: April 7, 2026

PraisonAI - Path Traversal

Published: April 7, 2026
Updated: April 7, 2026

Overview

PraisonAI versions before 1.5.113 contain a path traversal vulnerability caused by improper validation of relative path segments in the Action Orchestrator. It lets attackers or compromised agents write arbitrary files outside the workspace. Exploitation requires attacker control of the target path.

Severity & Score

Severity: Critical
CVSS Score: 9.0

Impact

Attackers can write arbitrary files outside the workspace, potentially overwriting system files or dropping malicious payloads.

Mitigation

Update to version 1.5.113 or later.

Details

CVE ID: CVE-2026-39305
Severity: Critical
CVSS Score: 9.0
Type: path_traversal
Status: new

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H