Vulnerability  ·  2026-07-11

PraisonAI — Repository-Controlled Config Enables Path Traversal in output_file (CVSS 5.5)

VulnerabilityMedium impactGlobalCVE-2026-60089
PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, without validating the defaults.output.output_file path. A repository-controlled config file can set output_file to an absolute or '../' traversal path, which is used when the developer calls agent.start().
An attacker who can influence a repository's config file (e.g., via a malicious PR or supply-chain contribution) can cause a PraisonAI agent to write output to arbitrary filesystem locations outside the intended project directory when the victim developer runs the agent.
Malicious .praisonai/config.toml in a repository sets output_file to an absolute or traversal path, exploited when a developer runs agent.start()
PraisonAI (pip package praisonaiagents) < 1.6.78
Upgrade to PraisonAI ≥1.6.78; review repository-local config files before running agents against untrusted repos
GitHub commit
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →