PT-2026-53551 · Pypi · Praisonai

Published

2026-06-29

·

Updated

2026-06-29

CVSS v3.1

9.0

Critical

VectorAV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
The Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker (or compromised agent) to write to arbitrary files outside of the configured workspace directory. By supplying relative path segments (../) in the target path, malicious actions can overwrite sensitive system files or drop executable payloads on the host.

Details

Location: src/praisonai/praisonai/cli/features/action orchestrator.py (Lines 402, 409, 423)
Vulnerable Code snippet:
python
target = workspace / step.target
In the apply step method, paths are constructed by concatenating the workspace path with a user-supplied step.target string: target = workspace / step.target. The code fails to resolve and validate that the final absolute path remains within the bounds of the workspace directory. When processing FILE CREATE or FILE EDIT actions, this flaw permits arbitrary file modification.

PoC

Construct a malicious ActionStep payload with path traversal characters:
python
 from praisonai.cli.features.action orchestrator import ActionStep, ActionType, ActionStatus
 
# Payload targeting a file outside the workspace
step = ActionStep(
  id="test traversal",
  action type=ActionType.FILE CREATE,
  description="Malicious file write",
  target="../../../../../../../tmp/orchestrator pwned.txt",
  params={"content": "pwned"},
  status=ActionStatus.APPROVED
)

# When the orchestrator applies this step, it writes to the traversed path
# apply step(step)

Impact

This is an Arbitrary File Write vulnerability. Anyone running the Action Orchestrator to apply modifications is vulnerable. A malicious prompt could trick the agent into generating a plan that overwrites critical files (e.g., ~/.ssh/authorized keys, .bashrc) leading to Remote Code Execution (RCE) or system corruption.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

PYSEC-2026-475

Affected Products

Praisonai