PT-2026-39007 · Praisonai · Praisonai

Dhiral2908 · Published 2026-05-08 · Updated 2026-05-11 · CVE-2026-44340

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.6.37

Description: The safe_extractall() helper function, used in the recipe pull, recipe publish, and recipe unpack flows, fails to validate member.linkname and does not reject symlink or hardlink members. Additionally, it calls tar.extractall(dest_dir) without the filter="data" option. An attacker can use a bundle containing a symlink that points outside the destination directory, followed by a regular file that traverses this symlink, to write arbitrary content to a chosen location on the victim's filesystem.

Recommendations: Update to version 4.6.37.
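A hardened replacement for the extraction helper described above, added here as an example and not PraisonAI's code: it refuses symlink, hardlink and device members outright, rejects any name that resolves outside the destination, and passes filter="data" where the interpreter supports it. The build_bundle and extract_to_tempdir helpers and the sample bundles are constructed for the demonstration.

```python
# Hardened tar "safe extractall" (added example, not PraisonAI's code):
# refuses the member types the advisory says were accepted and uses
# filter="data" where the stdlib has it (3.12+ and its security backports).
import io
import tarfile
import tempfile
from pathlib import Path

class UnsafeBundleError(ValueError): pass

def check_member(member, dest):
    """Reject link/device members and any name that escapes dest."""
    # The vulnerable helper ignored linkname, so a symlink pointing outside
    # dest followed by a file written through it landed anywhere.
    if member.issym() or member.islnk() or member.isdev():
        raise UnsafeBundleError(f"link/device member not allowed: {member.name}")
    if not (dest / member.name).resolve().is_relative_to(dest):
        raise UnsafeBundleError(f"escapes destination: {member.name}")

def safe_extractall(archive, dest):
    """Validate every member before writing anything, then extract."""
    dest = Path(dest).resolve()
    with tarfile.open(fileobj=archive, mode="r:*") as tar:
        for m in tar.getmembers():  # fail closed: one bad member rejects all
            check_member(m, dest)
        # Second layer: the stdlib data filter also blocks absolute names,
        # ".." components and links leaving dest; older Pythons skip it.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **extra)
        return tar.getnames()

def build_bundle(entries):
    """Constructed bundle from (name, data_or_None, symlink_target_or_None)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data, link in entries:
            info = tarfile.TarInfo(name)
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
            else:
                info.size = len(data)
            tar.addfile(info, io.BytesIO(data) if data is not None else None)
    buf.seek(0)
    return buf

def extract_to_tempdir(archive):
    """Return {name: bytes} of extracted files, or None if rejected."""
    with tempfile.TemporaryDirectory() as d:
        try:
            names = safe_extractall(archive, d)
        except UnsafeBundleError:
            return None
        return {n: (Path(d) / n).read_bytes() for n in names if (Path(d) / n).is_file()}
```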

Weakness Enumeration
Path traversal
Link Following

Related Identifiers
CVE-2026-44340
GHSA-9Q28-GHCR-C4X3

Affected Products
Praisonai