PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attac…

Published:

6 April 2026 at 22:00:00

Alert date:

7 April 2026 at 18:06:01

Source:

nvd.nist.gov

Web Technologies, Supply Chain & Dependencies

PraisonAI, a multi-agent teams system, contains a Zip Slip vulnerability in versions prior to 1.5.113. The vulnerability exists in the templates installation feature where the application uses Python's zipfile.extractall() without proper validation when downloading and extracting template archives from external sources like GitHub. This allows for arbitrary file write attacks as files within archives can resolve outside the intended extraction directory. The vulnerability has been patched in version 1.5.113.
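The validation the description says was missing can be done by resolving every archive member against the extraction directory before anything is written. The sketch below is an added example, not PraisonAI's code or its 1.5.113 patch; `unsafe_members`, `safe_extract`, `build_zip` and `UnsafeArchiveError` are hypothetical names, and the archive contents are constructed sample input.

```python
import io
import tempfile
import zipfile
from pathlib import Path


class UnsafeArchiveError(Exception):
    """An archive member would be written outside the extraction directory."""


def unsafe_members(zf: zipfile.ZipFile, dest: Path) -> list[str]:
    """Return the names of members whose resolved path escapes dest."""
    root = dest.resolve()
    bad = []
    for info in zf.infolist():
        # Treat backslashes as separators too; archives may use either form.
        name = info.filename.replace("\\", "/")
        # Joining an absolute name discards root, so it fails the check below.
        target = (root / name).resolve()
        if not target.is_relative_to(root):
            bad.append(info.filename)
    return bad


def safe_extract(archive: bytes, dest: Path) -> list[str]:
    """Extract only if every member stays under dest; otherwise write nothing."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        bad = unsafe_members(zf, dest)
        if bad:
            raise UnsafeArchiveError(f"members escape {dest}: {bad}")
        dest.mkdir(parents=True, exist_ok=True)
        for info in zf.infolist():
            zf.extract(info, dest)
        return zf.namelist()


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory archive (constructed sample input, not a real template)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_zip({"agent/template.yaml": b"name: demo\n"})
        print(safe_extract(sample, Path(tmp) / "templates"))
```

Rejecting the whole archive, rather than skipping the offending members, keeps a partially extracted template from being installed.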

Technical details

Affected products:

PraisonAI

This article was created with the assistance of AI technology by Perceptive.
