CVE-2026-56078
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk48th percentile - higher than 48% of all known CVEs
Summary
PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files.
Risk Assessment
This vulnerability may lead to sensitive data disclosure, denial of service, or code execution, posing a serious threat to the organization's security.
Recommendation
It is recommended to update PraisonAI to version 1.5.115 or later and implement additional security measures to mitigate the risk associated with path traversal.
Original NVD description (English source)
PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of service, or code execution.

