PT-2026-30766 · Praisonai · Praisonai

Liyander · Published 2026-04-06 · Updated 2026-04-07 · CVE-2026-39307

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 1.5.113

Description: PraisonAI is a multi-agent teams system. Its template installation feature is susceptible to a "Zip Slip" arbitrary file write. When downloading and extracting template archives from external sources, the application calls Python's zipfile.extractall() without verifying whether the entries in the archive resolve outside the intended extraction directory. A specially crafted ZIP archive can contain file entries with relative paths that, when extracted, overwrite arbitrary files on the victim's filesystem. The vulnerable code is located in src/praisonai/praisonai/cli/features/templates.py (Line 852) and uses the zipfile.extractall() function. A proof of concept consists of a malicious ZIP archive whose file entries contain directory traversal sequences (e.g., '../../../../../../../tmp/zip slip pwned.txt') and a user who is tricked into installing the template. This can lead to system corruption or remote code execution (RCE).

Recommendations: Update to PraisonAI version 1.5.113 or later.
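Added example, not PraisonAI's own code, of the check the advisory describes as missing: every member name is validated against the extraction directory before zipfile.extractall() runs, and the whole archive is refused if any entry would escape. The archive contents and the template file name are constructed for illustration.

```python
import io
import os
import tempfile
import zipfile

def unsafe_entries(zip_bytes: bytes, dest: str) -> list[str]:
    """Names that would land outside dest: absolute paths, drive letters, '..'
    components, or anything whose resolved path escapes the extraction root."""
    root = os.path.realpath(dest)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            parts = name.replace("\\", "/").split("/")  # tolerate Windows-style names
            if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0] or ".." in parts:
                bad.append(name)
                continue
            # realpath follows symlinks already present under dest, so a link pointing
            # outside cannot be used as a stepping stone either.
            target = os.path.realpath(os.path.join(root, name))
            if target != root and not target.startswith(root + os.sep):
                bad.append(name)
    return bad

def safe_extractall(zip_bytes: bytes, dest: str) -> list[str]:
    """Validate every entry first; refuse the whole archive if any is unsafe."""
    bad = unsafe_entries(zip_bytes, dest)
    if bad:
        raise ValueError(f"refusing to extract: unsafe entries {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)
        return zf.namelist()

def build_zip(entries: dict[str, bytes]) -> bytes:
    """Constructed sample archive; member names are stored exactly as given."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def demo() -> tuple[list[str], bool]:
    """Extract a benign constructed template to a temp dir; then show a traversal archive is refused."""
    with tempfile.TemporaryDirectory() as dest:
        extracted = safe_extractall(build_zip({"template/agents.yaml": b"name: demo\n"}), dest)
        try:
            safe_extractall(build_zip({"../../../../../../../tmp/zip slip pwned.txt": b"x"}), dest)
            refused = False
        except ValueError:
            refused = True
        return extracted, refused
```

Refusing the archive outright, rather than extracting whatever entries look harmless, fails closed and gives operators a single event to log and alert on.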

Weakness Enumeration
Relative Path Traversal
Path traversal

Related Identifiers
CVE-2026-39307
GHSA-4PH2-F6PF-79WV

Affected Products
Praisonai