CVE Catalog

CVE-2026-56078

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.69%

48th percentile - higher than 48% of all known CVEs

Summary

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files.

Risk Assessment

This vulnerability may lead to sensitive data disclosure, denial of service, or code execution, posing a serious threat to the organization's security.

Recommendation

It is recommended to update PraisonAI to version 1.5.115 or later and implement additional security measures to mitigate the risk associated with path traversal.

Original NVD description (English source)

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of service, or code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS