Cyber Resilience

CVE-2026-44340

HighPublic PoC

Published: 08 May 2026

Published
08 May 2026
Modified
08 May 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0043 34.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-44340 is a high-severity Path Traversal (CWE-22) vulnerability in Praison Praisonai. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 34.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but…

more

does not validate member.linkname, does not reject symlink/hardlink members, and calls tar.extractall(dest_dir) without filter="data". A bundle that contains a symlink with a name inside dest_dir but a linkname pointing outside it, followed by a regular file whose path traverses through the just-created symlink, escapes dest_dir and lets the attacker write arbitrary content to an attacker-chosen location on the victim's filesystem. This issue has been patched in version 4.6.37.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Vulnerability in tar extraction allows attacker-supplied malicious archive to write arbitrary files outside intended directory via symlink traversal, directly enabling user execution of malicious file.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-39307Same product: Praison Praisonai
CVE-2026-40157Same product: Praison Praisonai
CVE-2026-39305Same product: Praison Praisonai
CVE-2026-40156Same product: Praison Praisonai
CVE-2026-39308Same product: Praison Praisonai
CVE-2026-35615Same product: Praison Praisonai
CVE-2026-39306Same product: Praison Praisonai
CVE-2026-39891Same product: Praison Praisonai
CVE-2026-34934Same product: Praison Praisonai
CVE-2026-34936Same product: Praison Praisonai

Affected Assets

praison
praisonai
≤ 4.6.37

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References