PyPI: praisonai
CVE-2026-39306
Safety vulnerability ID: SFTY-20260406-01008
Safety legacy ID: pyup.io-92086
Overview
PraisonAI recipe registry pull path traversal writes files outside the chosen output directory
Advisory
Affected versions of the PraisonAI package are vulnerable to Path Traversal due to the use of tar.extractall() without validation of archive member paths in the recipe registry pull workflow. Both the LocalRegistry.pull() and HttpRegistry.pull() methods in registry.py extract downloaded .praison tar archives directly into the output directory without inspecting or sanitising tar member paths for traversal sequences. A malicious publisher can upload a recipe bundle containing entries with relative path components that escape the intended extraction directory, causing arbitrary files to be written on the filesystem of any user who pulls the compromised recipe.
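The defence the advisory implies is to validate every archive member before anything is written, rather than calling `tar.extractall()` on an untrusted bundle. The code below is an added example written for this page; it is not PraisonAI's `registry.py` code or its fix, and the function names, the `recipe/...` member names and the file contents are constructed for the demonstration. It checks each member for absolute paths, `..` components, resolved locations outside the destination, and symbolic or hard links that point outside the destination, refuses the whole archive if any member fails, and otherwise extracts. Where the interpreter provides it, extraction also passes CPython's `filter="data"` (PEP 706, in 3.12 and in later security releases of 3.8 to 3.11) as a second layer.

```python
from __future__ import annotations

import io
import os
import tarfile
import tempfile
from pathlib import Path


def _is_within(base: Path, target: Path) -> bool:
    """True if target is base itself or lies beneath base."""
    try:
        target.relative_to(base)
        return True
    except ValueError:
        return False


def _check_members(tar: tarfile.TarFile, dest: str) -> list[str]:
    """Return one reason string per member that must not be extracted into dest."""
    base = Path(dest).resolve()
    problems: list[str] = []
    for member in tar.getmembers():
        name = member.name
        # Absolute names and any '..' component never belong in a recipe bundle.
        if os.path.isabs(name) or ".." in Path(name).parts:
            problems.append(f"{name}: escapes destination via absolute or '..' path")
            continue
        # resolve() works on paths that do not exist yet, so this runs before extraction.
        if not _is_within(base, (base / name).resolve()):
            problems.append(f"{name}: resolves outside destination")
            continue
        # Links are written as links; reject any whose target leaves the destination.
        if member.issym() or member.islnk():
            if member.issym():
                link_target = (base / name).parent / member.linkname
            else:  # hard link names are relative to the archive root
                link_target = base / member.linkname
            if os.path.isabs(member.linkname) or not _is_within(base, link_target.resolve()):
                problems.append(f"{name}: link to {member.linkname!r} leaves destination")
            continue
        if not (member.isfile() or member.isdir()):
            problems.append(f"{name}: unsupported member type (device, fifo)")
    return problems


def find_unsafe_members(tar_bytes: bytes, dest: str) -> list[str]:
    """Open an in-memory archive and report members that would escape dest."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        return _check_members(tar, dest)


def safe_extract(tar_bytes: bytes, dest: str) -> list[str]:
    """Extract only if every member is safe; raise ValueError before writing otherwise."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        problems = _check_members(tar, dest)
        if problems:
            raise ValueError("refusing to extract unsafe archive: " + "; ".join(problems))
        # Second layer: the stdlib 'data' filter (PEP 706) where this Python has it.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **kwargs)
        return [m.name for m in tar.getmembers()]


def build_tar(entries: dict[str, object]) -> bytes:
    """Build a constructed archive in memory: bytes -> regular file, str -> symlink target."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in entries.items():
            info = tarfile.TarInfo(name=name)
            if isinstance(payload, bytes):
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = str(payload)
                tar.addfile(info)
    return buf.getvalue()


def demo() -> dict:
    """Extract a benign constructed bundle, then show a traversal bundle is refused."""
    benign = build_tar({"recipe/agents.yaml": b"name: demo\n", "recipe/README.md": b"# demo\n"})
    hostile = build_tar({
        "recipe/agents.yaml": b"name: demo\n",
        "../outside.txt": b"escaped\n",          # '..' component (constructed)
        "recipe/link": "../../somewhere",         # symlink leaving the destination (constructed)
    })
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "out")
        os.makedirs(dest)
        extracted = safe_extract(benign, dest)
        try:
            safe_extract(hostile, dest)
            rejected = False
        except ValueError:
            rejected = True
        outside_written = os.path.exists(os.path.join(tmp, "outside.txt"))
    return {"extracted": extracted, "hostile_rejected": rejected, "outside_written": outside_written}


if __name__ == "__main__":
    print(demo())
```

In a pull workflow like the one the advisory describes, the downloaded bundle would go through `safe_extract` instead of a bare `tar.extractall()`. The check runs over the full member list before the first write, which matters because extraction writes files as it goes; cleaning up after a partial extraction is not equivalent.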
References
- https://getsafety.com/vulnerabilities/SFTY-20260406-01008/CVE-2026-39306
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39306
- https://data.safetycli.com/changelogs/praisonai/
- https://github.com/advisories/GHSA-4rx4-4r3x-6534
- https://pypi.org/project/praisonai
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4rx4-4r3x-6534
- https://github.com/MervinPraison/PraisonAI/releases/tag/v4.5.113
- https://nvd.nist.gov/vuln/detail/CVE-2026-39306
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
