CVE-2026-40152: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in MervinPraison PraisonAIAgents
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files() tool in FileTools validates the directory parameter against workspace boundaries via _validate_path(), but passes the pattern parameter directly to Path.glob() without any validation. Since Python's Path.glob() supports .. path segments, an attacker can use relative path traversal in the glob pattern to enumerate arbitrary files outside the workspace, obtaining file metadata (existence, name, size, timestamps) for any path on the filesystem. This vulnerability is fixed in 1.5.128.
AI Analysis
Technical Summary
PraisonAIAgents is affected by a CWE-22 path traversal vulnerability in its list_files() tool prior to version 1.5.128. While the directory parameter is validated against workspace boundaries, the pattern parameter passed to Python's Path.glob() is not validated. Since Path.glob() supports relative path segments like '..', an attacker can craft a pattern to traverse outside the workspace and enumerate arbitrary filesystem files, obtaining metadata such as file existence, names, sizes, and timestamps. This vulnerability allows information disclosure of file metadata but does not allow modification or denial of service. The issue is resolved in version 1.5.128.
Potential Impact
An attacker can use this vulnerability to enumerate files outside the intended workspace directory by leveraging path traversal in the glob pattern. This results in disclosure of file metadata including existence, file names, sizes, and timestamps. There is no indication of impact on file contents, integrity, or availability. The vulnerability is rated medium severity with a CVSS score of 5.3.
Mitigation Recommendations
This vulnerability is fixed in PraisonAIAgents version 1.5.128. Users should upgrade to version 1.5.128 or later to remediate this issue. Patch status is not explicitly stated beyond this fix version, so verify with the vendor advisory for the latest remediation guidance.
CVE-2026-40152: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in MervinPraison PraisonAIAgents
Description
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files() tool in FileTools validates the directory parameter against workspace boundaries via _validate_path(), but passes the pattern parameter directly to Path.glob() without any validation. Since Python's Path.glob() supports .. path segments, an attacker can use relative path traversal in the glob pattern to enumerate arbitrary files outside the workspace, obtaining file metadata (existence, name, size, timestamps) for any path on the filesystem. This vulnerability is fixed in 1.5.128.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
PraisonAIAgents is affected by a CWE-22 path traversal vulnerability in its list_files() tool prior to version 1.5.128. While the directory parameter is validated against workspace boundaries, the pattern parameter passed to Python's Path.glob() is not validated. Since Path.glob() supports relative path segments like '..', an attacker can craft a pattern to traverse outside the workspace and enumerate arbitrary filesystem files, obtaining metadata such as file existence, names, sizes, and timestamps. This vulnerability allows information disclosure of file metadata but does not allow modification or denial of service. The issue is resolved in version 1.5.128.
Potential Impact
An attacker can use this vulnerability to enumerate files outside the intended workspace directory by leveraging path traversal in the glob pattern. This results in disclosure of file metadata including existence, file names, sizes, and timestamps. There is no indication of impact on file contents, integrity, or availability. The vulnerability is rated medium severity with a CVSS score of 5.3.
Mitigation Recommendations
This vulnerability is fixed in PraisonAIAgents version 1.5.128. Users should upgrade to version 1.5.128 or later to remediate this issue. Patch status is not explicitly stated beyond this fix version, so verify with the vendor advisory for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-09T19:31:56.013Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d843771cc7ad14da3fb5cc
Added to database: 4/10/2026, 12:25:27 AM
Last enriched: 4/17/2026, 11:51:58 AM
Last updated: 5/25/2026, 2:41:15 AM
Views: 73
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.