CVE-2026-40157: PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`

April 10, 2026

cmd_unpack in the recipe CLI extracts .praison tar archives using raw tar.extract() without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who distributes a malicious bundle can overwrite arbitrary files on the victim’s filesystem when they run praisonai recipe unpack.

References

github.com/MervinPraison/PraisonAI
github.com/MervinPraison/PraisonAI/releases/tag/v4.5.128
github.com/MervinPraison/PraisonAI/security/advisories/GHSA-99g3-w8gr-x37c
github.com/advisories/GHSA-99g3-w8gr-x37c
nvd.nist.gov/vuln/detail/CVE-2026-40157

Code Behaviors & Features

Detect and mitigate CVE-2026-40157 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →