HIGH · CVE-2026-39307 · CVSS 8.1

CVE-2026-39307: Arbitrary File Access in PraisonAI

Platform: python

Component: praisonaiai

Fixed in: 4.5.114

AI Confidence: high · NVD · EPSS 0.0% · Reviewed: May 2026

CVE-2026-39307 describes an Arbitrary File Write vulnerability discovered in PraisonAI, a system for building multi-agent teams. This "Zip Slip" vulnerability allows attackers to write files outside the intended extraction directory during template installation, potentially leading to code execution or data corruption. The vulnerability affects versions 1.5.113 and earlier, and a fix is available in version 1.5.113.


Impact and Attack Scenarios

The primary impact of CVE-2026-39307 is the ability for an attacker to write arbitrary files to the PraisonAI installation directory. This can be exploited to overwrite critical system files, inject malicious code, or gain unauthorized access to sensitive data. A successful attack could lead to complete system compromise, allowing an attacker to execute arbitrary commands with the privileges of the PraisonAI process. The potential for remote code execution makes this a particularly concerning vulnerability, especially in environments where PraisonAI is exposed to untrusted external sources for template archives.

Exploitation Context

CVE-2026-39307 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet available, but the "Zip Slip" vulnerability is a well-known attack pattern. The vulnerability was publicly disclosed on 2026-04-07. The probability of exploitation is considered medium, given the ease of exploitation once a template archive is compromised.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: NO
Internet Exposure: High
Reports: 1 threat report

EPSS

0.05% (14% percentile)

CISA SSVC

Exploitation: poc
Automatable: no
Technical Impact: partial

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Base score: 8.1 (HIGH)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (authentication level needed to attack)
User Interaction: Required (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: None (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

Source: nextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
None — no confidentiality impact. Attacker cannot read protected data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: praisonaiai
Vendor: MervinPraison
Affected range: < 4.5.113 – < 4.5.113
Fixed in: 4.5.114

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2026-39307 is to immediately upgrade PraisonAI to version 1.5.113 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider restricting the sources from which PraisonAI can download templates to trusted locations only. Implement input validation and sanitization on any template archives before extraction to prevent malicious file paths. While a WAF or proxy cannot directly prevent this vulnerability, they can be configured to monitor for suspicious file write activity.
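The mitigation above asks for validation of template archives before extraction. The following is an added example, not PraisonAI's own code, of how a template installer can refuse a Zip Slip archive: every member name is resolved against the destination directory first, and the whole archive is rejected if any member would land outside it. The archive contents, member names and paths are constructed for the demonstration.

```python
import io
import tempfile
import zipfile
from pathlib import Path


def escaping_members(archive: bytes, dest) -> list[str]:
    """Dry run: member names whose resolved path would land outside dest.
    '..' parts, absolute names and backslashes are normalised first. Nothing is written."""
    dest = Path(dest).resolve()
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        targets = {n: (dest / n.replace("\\", "/")).resolve() for n in zf.namelist()}
    return [n for n, t in targets.items() if t != dest and dest not in t.parents]


def safe_extract(archive: bytes, dest: Path) -> list[str]:
    """Extract into dest only if every member passes the check above, so a
    hostile archive is refused before a single byte reaches the disk."""
    if bad := escaping_members(archive, dest):
        raise ValueError(f"Zip Slip attempt, refusing members: {bad}")
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if not info.is_dir():  # directory entries create no file
                target = dest / info.filename
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(zf.read(info))
    return sorted(p.relative_to(dest).as_posix() for p in dest.rglob("*") if p.is_file())


def build_archive(members: dict[str, bytes]) -> bytes:
    """Constructed sample data: a zip built from a name -> content mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed archives: a well-formed template and a Zip Slip attempt.
BENIGN_TEMPLATE = build_archive({"template/agents.yaml": b"agents: []\n"})
HOSTILE_TEMPLATE = build_archive({"../escaped.txt": b"x\n", "/abs/escaped.txt": b"x\n"})


def demo() -> tuple[list[str], list[str], bool]:
    """Install the benign template, then show the hostile one being refused."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "templates"
        written = safe_extract(BENIGN_TEMPLATE, dest)
        rejected = escaping_members(HOSTILE_TEMPLATE, dest)
        try:
            safe_extract(HOSTILE_TEMPLATE, dest)
            refused = False
        except ValueError:
            refused = True
    return written, rejected, refused
```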

How to fix

Update PraisonAI to version 1.5.113 or later to mitigate the Zip Slip vulnerability. Make sure templates are extracted into a secure, controlled directory so that no file can be written outside the target directory.


Frequently asked questions

What is CVE-2026-39307 — Arbitrary File Access in PraisonAI?

CVE-2026-39307 is a HIGH severity vulnerability in PraisonAI versions 1.5.113 and below that allows attackers to write arbitrary files during template installation due to a "Zip Slip" flaw.

Am I affected by CVE-2026-39307 in PraisonAI?

You are affected if you are using PraisonAI versions 1.5.113 or earlier. Upgrade to version 1.5.113 or later to resolve this vulnerability.

How do I fix CVE-2026-39307 in PraisonAI?

The recommended fix is to upgrade PraisonAI to version 1.5.113 or later. If immediate upgrade is not possible, restrict template download sources and implement input validation.

Is CVE-2026-39307 being actively exploited?

While no active exploitation has been confirmed, the vulnerability is considered medium risk due to the ease of exploitation and the prevalence of "Zip Slip" attacks.

Where can I find the official PraisonAI advisory for CVE-2026-39307?

Refer to the PraisonAI security advisory for detailed information and updates regarding CVE-2026-39307: [https://www.praisona.ai/security/advisories](https://www.praisona.ai/security/advisories)
