Strix
26.1K

CVE-2026-39306

HIGHCVSS 7.3/10EPSS 0.29%

Last modified

CVE-2026-39306 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall() and does not validate archive member paths before extraction. EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall() and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that recipe will write files outside the output directory they selected. This is a path traversal / arbitrary file write vulnerability on the client side of the recipe registry workflow. It affects both the local registry pull path and the HTTP registry pull path. The checksum verification does not prevent exploitation because the malicious traversal payload is part of the signed bundle itself. This vulnerability is fixed in 1.5.113.

Metrics

CVSS 3.1
7.3/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

EPSS Probability
0.29%

20.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
PraisonPraisonai<= 4.5.112

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2026-39306?
PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall() and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that recipe will write files outside the output directory they selected. This is a path traversal / arbitrary file write vulnerability on the client side of the recipe registry workflow. It affects both the local registry pull path and the HTTP registry pull path. The checksum verification does not prevent exploitation because the malicious traversal payload is part of the signed bundle itself. This vulnerability is fixed in 1.5.113.
How severe is CVE-2026-39306?
CVE-2026-39306 has a CVSS score of 7.3/10 (HIGH severity). The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.
How do I fix CVE-2026-39306?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-39306?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST