CVE-2026-39305: PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator

April 6, 2026

The Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker (or compromised agent) to write to arbitrary files outside of the configured workspace directory. By supplying relative path segments (../) in the target path, malicious actions can overwrite sensitive system files or drop executable payloads on the host.

References

github.com/MervinPraison/PraisonAI
github.com/MervinPraison/PraisonAI/releases/tag/v4.5.113
github.com/MervinPraison/PraisonAI/security/advisories/GHSA-jfxc-v5g9-38xr
github.com/advisories/GHSA-jfxc-v5g9-38xr
nvd.nist.gov/vuln/detail/CVE-2026-39305

Code Behaviors & Features

Detect and mitigate CVE-2026-39305 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →