CVE-2026-35615 Overview
CVE-2026-35615 is a critical path traversal vulnerability in PraisonAI, a multi-agent teams system. The vulnerability exists in the _validate_path() function, which incorrectly validates user-supplied file paths and so allows attackers to traverse the file system and read arbitrary files on the target system. The flaw is an ordering error: os.path.normpath() is called on the path before the check for directory traversal sequences, so the check operates on already-collapsed input and is effectively useless.
Critical Impact
This vulnerability allows unauthenticated remote attackers to read arbitrary files on systems running vulnerable versions of PraisonAI, potentially exposing sensitive configuration files, credentials, and other confidential data.
Affected Products
- PraisonAI versions prior to 1.5.113
Discovery Timeline
- 2026-04-07 - CVE-2026-35615 published to NVD
- 2026-04-09 - Last updated in NVD database
Technical Details for CVE-2026-35615
Vulnerability Analysis
This vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as path traversal or directory traversal. The flaw allows attackers to access files and directories outside of the intended restricted directory by manipulating file path inputs with special characters like ../ sequences.
The vulnerability is exploitable over the network without requiring any user interaction or authentication, making it particularly dangerous for exposed PraisonAI instances. A successful exploitation could result in the disclosure of highly sensitive information from the affected system, including configuration files, environment variables containing secrets, and potentially other users' data.
Root Cause
The root cause lies in a logic error within the _validate_path() function's implementation. The function calls os.path.normpath() on the user-supplied path before checking for path traversal sequences. The os.path.normpath() function normalizes the path by collapsing redundant separators and up-level references (i.e., .. sequences). After normalization, the function checks for the presence of .. in the path, but since these sequences have already been collapsed by os.path.normpath(), the check will always pass regardless of the original input.
This represents a classic order-of-operations security bug where sanitization occurs before validation, completely bypassing the intended security control.
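The following Python is an added illustration of the ordering bug described above set beside a hardened form; it is not PraisonAI's code, and the base directory, function names and probe paths are constructed for the demonstration. The vulnerable version joins the user path to the base directory, normalises, and only then looks for "..", which os.path.normpath() has already removed. The hardened version canonicalises with os.path.realpath() and then checks containment with os.path.commonpath(), which also rejects absolute user paths and sibling directories that merely share a string prefix with the base.

```python
import os

# Constructed base directory for the demonstration; not a PraisonAI path.
BASE_DIR = "/srv/praison/data"


def vulnerable_validate_path(user_path: str, base_dir: str = BASE_DIR) -> str:
    """Illustrates the ordering bug the advisory describes (not PraisonAI's code).

    The user-supplied path is joined to the base directory and normalised
    FIRST; os.path.normpath() collapses every '..' component while doing so,
    so the traversal check that follows sees a path with no '..' left in it
    and never fires.
    """
    candidate = os.path.normpath(os.path.join(base_dir, user_path))
    if ".." in candidate:  # runs too late: the '..' components are already gone
        raise ValueError(f"traversal rejected: {user_path!r}")
    return candidate


def safe_validate_path(user_path: str, base_dir: str = BASE_DIR) -> str:
    """Hardened form: canonicalise fully, then check containment in base_dir.

    realpath() resolves '..' AND symlinks, and commonpath() defeats the prefix
    trick ('/srv/praison/data2' starts with the base_dir string but is not
    inside it). Absolute user paths are rejected as well, because
    os.path.join() discards base_dir when its second argument is absolute.
    """
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes {base_dir}: {user_path!r}")
    return candidate


def check(validator, user_path: str) -> tuple:
    """Run a validator and report ('allowed', path) or ('rejected', None)."""
    try:
        return "allowed", validator(user_path)
    except ValueError:
        return "rejected", None


if __name__ == "__main__":
    for probe in ("reports/q1.txt", "../../../etc/passwd", "/etc/passwd"):
        print(f"{probe!r:24} vulnerable={check(vulnerable_validate_path, probe)[0]:8} "
              f"safe={check(safe_validate_path, probe)[0]}")
```

Note that the decode step belongs before validation: if the web layer hands the validator a still-percent-encoded string, neither version sees the traversal at all, which is why the encoded variants listed under Indicators of Compromise matter.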
Attack Vector
The attack vector for this vulnerability is network-based. An attacker can exploit this vulnerability by sending specially crafted requests containing path traversal sequences (such as ../../../etc/passwd) to access files outside the intended directory. Since the validation check is ineffective, these malicious paths pass through unchecked, allowing the attacker to read any file accessible to the PraisonAI process on the system.
The attack requires no authentication or special privileges, and no user interaction is needed. An attacker simply needs network access to a vulnerable PraisonAI instance to exploit this flaw.
Detection Methods for CVE-2026-35615
Indicators of Compromise
- Unusual file access patterns in application logs showing requests for system files like /etc/passwd, /etc/shadow, or configuration files
- Web server or application logs containing path traversal sequences (../, ..%2f, %2e%2e/) in request URLs or parameters
- Unexpected data exfiltration alerts or large volumes of file read operations from the PraisonAI service
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block path traversal patterns in incoming requests
- Monitor application and web server logs for requests containing encoded or unencoded directory traversal sequences
- Deploy file integrity monitoring on sensitive system files to detect unauthorized access attempts
Monitoring Recommendations
- Enable verbose logging for the PraisonAI application to capture detailed request information
- Set up alerts for any access attempts to sensitive directories or files outside the application's normal working directory
- Review access logs regularly for anomalous patterns or requests targeting system configuration files
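As an added example serving the Indicators of Compromise, Detection Strategies and Monitoring Recommendations lists above (not tooling from the advisory or the PraisonAI project), the script below scans access-log lines for traversal sequences. It percent-decodes each request target repeatedly so that plain ../, single-encoded ..%2f and double-encoded %252e%252e all surface, matches ".." only as a whole path component so that a file name such as app..min.js is not flagged, and marks findings that returned a 2xx with a non-empty body as likely successful reads. The log lines, IP addresses and the /api/files?path= endpoint are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined log format); not real PraisonAI logs.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Apr/2026:10:01:12 +0000] "GET /api/files?path=reports/q1.txt HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.9 - - [07/Apr/2026:10:01:15 +0000] "GET /api/files?path=../../../etc/passwd HTTP/1.1" 200 1842 "-" "curl/8.0"
203.0.113.9 - - [07/Apr/2026:10:01:16 +0000] "GET /api/files?path=..%2f..%2f..%2fetc%2fshadow HTTP/1.1" 403 0 "-" "curl/8.0"
203.0.113.9 - - [07/Apr/2026:10:01:17 +0000] "GET /api/files?path=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1842 "-" "curl/8.0"
198.51.100.4 - - [07/Apr/2026:10:02:00 +0000] "GET /static/app..min.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
# '..' as a whole component bounded by a separator, query delimiter or string
# edge, checked after decoding; 'app..min.js' does not match.
TRAVERSAL_RE = re.compile(r'(?:^|[/?=&])\.\.(?:[/?&]|$)')


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so %2e%2e and double-encoded %252e%252e both
    surface as '..'; bounded so a hostile input cannot loop indefinitely."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat backslashes as separators too


def find_traversal_requests(log_text: str) -> list:
    """Return one finding per request whose decoded target contains a '..'
    path component, with the fields an analyst needs to triage it."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = fully_decode(m["target"])
        if TRAVERSAL_RE.search(decoded):
            findings.append({
                "ip": m["ip"],
                "time": m["ts"],
                "raw_target": m["target"],
                "decoded_target": decoded,
                "status": int(m["status"]),
                # A 2xx with a non-empty body means the read most likely succeeded.
                "likely_success": m["status"].startswith("2") and m["bytes"] not in ("-", "0"),
            })
    return findings


if __name__ == "__main__":
    for f in find_traversal_requests(SAMPLE_LOG):
        print(f"{f['ip']} {f['status']} success={f['likely_success']} {f['decoded_target']}")
```

Run against the sample, the script flags the three requests from 203.0.113.9 and leaves the legitimate reports/q1.txt and app..min.js requests alone; the 403 on the shadow request shows a block upstream (for example a WAF rule), whereas the two 200s with 1842-byte bodies are the ones that warrant the credential rotation recommended below.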
How to Mitigate CVE-2026-35615
Immediate Actions Required
- Upgrade PraisonAI to version 1.5.113 or later immediately
- Audit system logs for signs of exploitation prior to patching
- If immediate patching is not possible, restrict network access to the PraisonAI service to trusted IP addresses only
- Review and rotate any credentials or secrets that may have been exposed through this vulnerability
Patch Information
The vulnerability has been fixed in PraisonAI version 1.5.113. Users should upgrade to this version or later to remediate the vulnerability. The fix is available in the GitHub Release v4.5.113. Additional details about the vulnerability can be found in the GitHub Security Advisory GHSA-693f-pf34-72c5.
Workarounds
- Deploy a reverse proxy or WAF in front of PraisonAI configured to filter requests containing path traversal patterns
- Restrict file system permissions for the user account running PraisonAI to limit the impact of potential exploitation
- Implement network segmentation to limit access to PraisonAI instances from untrusted networks
# Example: Restrict network access using iptables
# Allow only trusted IP ranges to access the PraisonAI service
# (8080 is assumed here; substitute the port PraisonAI actually listens on)
# Order matters: the ACCEPT rule must precede the DROP rule, and both must
# sit above any broader ACCEPT already in the INPUT chain (use -I instead of
# -A to insert at the top if such a rule exists)
iptables -A INPUT -p tcp --dport 8080 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.