2 matches found
CVE-2026-40157
PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmdunpack in the recipe CLI extracts .praison tar archives using raw tar.extract without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who...
PT-2018-10244 · Red Hat · Openshift Enterprise
Name of the Vulnerable Software and Affected Versions: Openshift Enterprise versions 3.x
Description: A flaw was found in the source-to-image function, specifically in the improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go, which leads to privilege escalation...