CVE-2026-39307
Published: 07 April 2026
Summary
CVE-2026-39307 is a high-severity Path Traversal (CWE-22) vulnerability in Praison Praisonai. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 15.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of file paths in ZIP archives during extraction to prevent path traversal outside the intended directory.
Mandates timely remediation of flaws like this Zip Slip vulnerability through patching to version 1.5.113 or later.
Restricts installation of unapproved software or templates from external sources, reducing the risk of user-initiated exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables an attacker to host a malicious ZIP archive externally and trick a user into triggering the template installation feature, which uses vulnerable zipfile.extractall() to perform arbitrary file writes via path traversal. This directly maps to user execution of a malicious file.
NVD Description
PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses Python's zipfile.extractall()…
more
without verifying if the files within the archive resolve outside of the intended extraction directory. This vulnerability is fixed in 1.5.113.
Deeper analysisAI
CVE-2026-39307 is a Zip Slip arbitrary file write vulnerability in PraisonAI, a multi-agent teams system, affecting versions prior to 1.5.113. The issue lies in the templates installation feature, where the application downloads and extracts template archives from external sources such as GitHub using Python's zipfile.extractall() function. This extraction process lacks validation to ensure files within the archive do not resolve outside the intended directory, enabling path traversal attacks classified under CWE-22.
The vulnerability has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H), indicating network accessibility, low attack complexity, no privileges required, but user interaction needed. An attacker can craft a malicious ZIP archive hosted externally and trick a user into downloading and installing it via PraisonAI's template feature. Successful exploitation allows arbitrary file writes on the victim's system, potentially overwriting critical files and causing high integrity and availability disruptions, though confidentiality is not impacted.
The vulnerability is fixed in PraisonAI version 1.5.113. Practitioners should upgrade to this version or later to mitigate the issue. Additional details are available in the GitHub security advisory at https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4ph2-f6pf-79wv.
Details
- CWE(s)