PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-61431 MervinPraison CVE debrief

CVE-2026-61431 is a path traversal vulnerability in PraisonAI's ContextGatherer component. The vulnerability occurs due to insufficient validation of include paths in .praisoncontext and .praisoninclude files. This allows attackers to supply absolute paths or parent directory traversal sequences, enabling them to read arbitrary files outside the workspace and include their contents in the generated context bundle. The vulnerability has a CVSS score of 6.8 and a severity rating of MEDIUM. Users of PraisonAI versions before 4.6.78 should be aware of this vulnerability and take necessary actions to mitigate the risk.

Vendor
MervinPraison
Product
PraisonAI
CVSS
MEDIUM 6.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of PraisonAI versions before 4.6.78 should be aware of this vulnerability and take necessary actions to mitigate the risk. This vulnerability has a CVSS score of 6.8 and a severity rating of MEDIUM. Operators, administrators, and security teams responsible for PraisonAI deployments should review the vulnerability details and implement recommended actions to prevent exploitation.

Technical summary

The vulnerability exists in the ContextGatherer component of PraisonAI, specifically in the handling of include paths in .praisoncontext and .praisoninclude files. This allows attackers to supply absolute paths or parent directory traversal sequences, enabling them to read arbitrary files outside the workspace and include their contents in the generated context bundle. The affected versions are before 4.6.78. The CVSS vector for this vulnerability is CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

MEDIUM

Recommended defensive actions

  • Update PraisonAI to version 4.6.78 or later
  • Restrict access to .praisoncontext and .praisoninclude files
  • Implement additional monitoring and logging to detect potential exploitation attempts
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-10T15:16:49.947Z and was last modified on 2026-07-10T17:41:47.303Z. The NVD entry is currently Deferred. The vulnerability was reported by a third-party researcher and is based on limited source information. Additional verification and review are recommended.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T15:16:49.947Z and has not been modified since then. The NVD entry is currently Deferred.