PraisonAI (praisonaiagents) before 1.6.78 contains a path traversal vulnerability in the FastContext feature (praisonaiagents.context.fast). FastContextAgent.executetool() prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths before enforcing workspace containment. As a result, tool arguments or model-generated function calls to grepsearch, globsearch, readfile, or listdirectory can supply absolute paths or '../' traversal sequences to read, search, and enumerate files outside the intended workspace directory, with file contents returned to the caller or injected into the model's tool-result context.
{
"cna_assigner": "VulnCheck",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/61xxx/CVE-2026-61432.json",
"cwe_ids": [
"CWE-22"
],
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"fixed": "1.6.78"
}
]
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"fixed": "1.6.78"
}
]
},
{
"source": "DESCRIPTION",
"extracted_events": [
{
"fixed": "1.6.78"
}
]
}
]
}