2 matches found
CVE-2026-40148
PraisionAI (multi-agent system) is affected by CVE-2026-40148 prior to version 4.5.128. The _safe_extractall() function in PraisionAI’s recipe registry validates members for path traversal but does not enforce limits on individual member sizes, total extracted size, or member count before tar.ext...
CVE-2026-40148 PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractal...