CVE-2026-40148: PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits

April 10, 2026

The _safe_extractall() function in PraisonAI’s recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall(). An attacker can publish a malicious recipe bundle containing highly compressible data (e.g., 10GB of zeros compressing to ~10MB) that exhausts the victim’s disk when pulled via LocalRegistry.pull() or HttpRegistry.pull().

References

github.com/MervinPraison/PraisonAI
github.com/MervinPraison/PraisonAI/releases/tag/v4.5.128
github.com/MervinPraison/PraisonAI/security/advisories/GHSA-f2h6-7xfr-xm8w
github.com/advisories/GHSA-f2h6-7xfr-xm8w
nvd.nist.gov/vuln/detail/CVE-2026-40148

Code Behaviors & Features

Detect and mitigate CVE-2026-40148 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →