High github · GHSA-hvhp-v2gc-268q

PraisonAI has an Arbitrary File Write in Python API

Published May 29, 2026 CVSS 0.0

Bug Report: Arbitrary File Write in Python API

Summary

Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. write_file skips path validation when workspace=None (always None in production).
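
The fail-open check described in the summary, shown next to a fail-closed variant. This is an added illustration, not PraisonAI's code: the function names, the workspace semantics and the temp-directory layout are assumptions made for the example.

```python
import tempfile
from pathlib import Path

def _inside(root: Path, target: Path) -> bool:
    # Compare fully resolved paths so ../ and symlinks cannot escape root.
    root, target = root.resolve(), target.resolve()
    return target == root or root in target.parents

def write_file_fail_open(path, content, workspace=None):
    """Hypothetical: the containment check runs only if a workspace is set."""
    if workspace is not None and not _inside(Path(workspace), Path(workspace) / path):
        raise PermissionError(f"path escapes workspace: {path}")
    base = Path(workspace) if workspace is not None else Path.cwd()
    target = base / path  # an absolute `path` replaces `base` entirely
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return target.resolve()

def write_file_fail_closed(path, content, workspace=None):
    """Hardened form: no workspace means no write; containment always checked."""
    if workspace is None:
        raise PermissionError("no workspace configured; refusing to write")
    root = Path(workspace).resolve()
    target = (root / path).resolve()
    if not _inside(root, target):
        raise PermissionError(f"path escapes workspace: {path}")
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return target

def demo():
    """Exercise both variants inside a constructed temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        ws, outside = Path(tmp, "ws"), Path(tmp, "outside", "note.txt")
        ws.mkdir()
        results = {}
        write_file_fail_open(str(outside), "x")  # workspace=None: nothing checked
        results["fail_open_wrote_outside"] = outside.exists()
        cases = [("none", (str(outside), "x", None)),
                 ("traversal", ("../outside/b.txt", "x", ws)),
                 ("inside", ("notes/a.txt", "x", ws))]
        for label, args in cases:
            try:
                write_file_fail_closed(*args)
                results[label] = "written"
            except PermissionError:
                results[label] = "refused"
        return results
```
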

Affected

PraisonAI

Affected AI Products

prompt injection deepseek openai llm