CVE-2026-35615 PraisonAI has a Path Traversal in FileTools
PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path calls os.path.normpath first, which collapses .. sequences, then checks for '..' in normalized. Since .. is already collapsed, the check always passes. This makes the check completely useless and allows trivial path traversal...
CVE-2026-35615
PraisonAI contains a path traversal vulnerability in FileTools._validate_path (src/praisonai-agents/praisonaiagents/tools/file_tools.py, lines 42-49). The method normalizes the input with os.path.normpath() and then checks for ".." in the normalized path, which is ineffective because normalizatio...