A path traversal vulnerability exists in PraisonAI (praisonaiagents) before 1.6.78 in the FastContext feature (praisonaiagents.context.fast). The vulnerability allows attackers to read, search, and enumerate files outside the intended workspace directory, potentially leading to unauthorized access to sensitive information. Users of PraisonAI (praisonaiagents) before version 1.6.78 should apply the patch t [truncated]
CVE-2026-61431 is a path traversal vulnerability in PraisonAI's ContextGatherer component. The vulnerability occurs due to insufficient validation of include paths in .praisoncontext and .praisoninclude files. This allows attackers to supply absolute paths or parent directory traversal sequences, enabling them to read arbitrary files outside the workspace and include their contents in the generated contex [truncated]
CVE-2026-60089 is a path traversal vulnerability in PraisonAI, a pip package for AI agents. Versions before 1.6.78 are affected. The vulnerability allows an untrusted checked-out project to overwrite files outside the project root with the privileges of the user running PraisonAI. This is possible because PraisonAI automatically loads defaults from a project-local .praisonai/config.toml file and does not [truncated]
CVE-2026-60086 is a medium-severity vulnerability in PraisonAI before version 4.6.78, allowing attackers to bypass the prompt injection defense mechanism. The defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. This allows attackers to craft HIGH-level threat injections that can bypass the defense and reach the model. Security teams and ad [truncated]