PT-2026-30767 · Praisonai · Praisonai
R1Zzg0D
Published 2026-04-06 · Updated 2026-04-07
CVE-2026-39308
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 1.5.113

Description: PraisonAI's recipe registry publish endpoint is susceptible to a path traversal issue. Prior to version 1.5.113, the endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's manifest.json file before validating the manifest's name and version against the HTTP route. A malicious publisher can exploit this by including ../ traversal sequences within the bundle manifest, potentially causing the registry server to create files outside the configured registry root. Although the request is ultimately rejected with an HTTP 400 error, the unauthorized file write persists on disk. This impacts deployments exposing the recipe registry publish flow, and is exploitable by any network client if the registry runs without a token, or by any user with publish access if a token is configured.

Recommendations: Validate the manifest.json name and version before any filesystem operation. Reject path separators, .., absolute paths, and any value that fails the existing validate_name() / validate_version() checks. Resolve the final destination path and ensure it remains within the configured registry root before creating directories or copying files. Move the URL-to-manifest consistency check before calling the publish function, or refactor the publish function to receive already-validated route parameters.
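The ordering the recommendations describe (validate route parameters, validate manifest fields with the same rules, compare the two, then resolve the destination and confirm it stays under the registry root, all before touching the disk) is shown below as an added example. It is not PraisonAI's own code: the regex rules, the `PublishRejected` exception and the function names `resolve_destination` / `check_publish` are assumptions made for illustration, and the sample manifests are constructed.

```python
import json
import re
from pathlib import Path

# Assumed validation rules (not PraisonAI's actual validate_name/validate_version):
# a recipe name is a lowercase slug, a version is plain dotted digits. Both
# patterns are anchored, so "/", "\\", "..", and absolute paths cannot pass.
NAME_RE = re.compile(r"^[a-z0-9][a-z0-9_-]{0,63}$")
VERSION_RE = re.compile(r"^\d+(\.\d+){0,3}$")


class PublishRejected(ValueError):
    """Raised before any filesystem operation when a bundle is invalid."""


def validate_name(name) -> str:
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise PublishRejected(f"invalid recipe name: {name!r}")
    return name


def validate_version(version) -> str:
    if not isinstance(version, str) or not VERSION_RE.fullmatch(version):
        raise PublishRejected(f"invalid recipe version: {version!r}")
    return version


def resolve_destination(registry_root: Path, route_name: str,
                        route_version: str, manifest_bytes: bytes) -> Path:
    """Return the directory the bundle may be written to, or raise PublishRejected.

    Nothing here creates directories or copies files; the caller only does so
    with the returned path, after every check has passed.
    """
    # 1. Validate the route parameters first (they come from the URL).
    route_name = validate_name(route_name)
    route_version = validate_version(route_version)

    # 2. Parse the manifest and validate its fields with the same rules.
    try:
        manifest = json.loads(manifest_bytes)
    except ValueError as exc:
        raise PublishRejected(f"manifest.json is not valid JSON: {exc}") from exc
    if not isinstance(manifest, dict):
        raise PublishRejected("manifest.json must be a JSON object")
    name = validate_name(manifest.get("name"))
    version = validate_version(manifest.get("version"))

    # 3. URL-to-manifest consistency check, before any path is built.
    if (name, version) != (route_name, route_version):
        raise PublishRejected("manifest name/version do not match the publish route")

    # 4. Build the destination and confirm it stays inside the registry root.
    #    Step 2 already makes escape impossible; this is defence in depth
    #    against a future change to the validation rules.
    root = registry_root.resolve()
    dest = (root / name / version).resolve()
    if not dest.is_relative_to(root):   # Python 3.9+
        raise PublishRejected("destination escapes the registry root")
    return dest


def check_publish(registry_root: Path, route_name: str,
                  route_version: str, manifest_bytes: bytes):
    """Convenience wrapper: (accepted, destination-or-reason)."""
    try:
        return True, str(resolve_destination(registry_root, route_name,
                                             route_version, manifest_bytes))
    except PublishRejected as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample inputs; the registry root is an assumed path.
    root = Path("/srv/recipes")
    samples = [
        ("demo-recipe", "1.0.0", b'{"name": "demo-recipe", "version": "1.0.0"}'),
        ("demo-recipe", "1.0.0", b'{"name": "../../etc", "version": "1.0.0"}'),
        ("demo-recipe", "1.0.0", b'{"name": "other", "version": "1.0.0"}'),
        ("demo-recipe", "1.0.0", b'{"name": "/etc/cron.d", "version": "1.0.0"}'),
    ]
    for route_name, route_version, manifest in samples:
        print(check_publish(root, route_name, route_version, manifest))
```

The key property is that `resolve_destination` returns a path only after the route and manifest have both been validated and compared, so a traversal sequence in manifest.json is rejected at step 2 and never reaches a `mkdir` or file copy. A deployment can also log every `PublishRejected` with the offending name, since repeated rejections from one client are a useful detection signal.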


Weakness Enumeration

Path traversal

Related Identifiers

CVE-2026-39308
GHSA-R9X3-WX45-2V7F

Affected Products

Praisonai