CVE-2026-44340: Arbitrary File Write via Symlink Traversal in PraisonAI Tar Extraction

DEV Community·CVE Reports·21 days ago

Vulnerability ID: CVE-2026-44340
CVSS Score: 8.7
Published: 2026-05-11

PraisonAI versions prior to 4.6.37 contain a path traversal vulnerability in the _safe_extractall function. The flaw allows an attacker to write arbitrary files outside the intended extraction directory via maliciously crafted tar archives containing unresolved symbolic links.

TL;DR

A symlink-based path traversal in PraisonAI's recipe unpacking allows arbitrary file overwriting, potentially leading to remote code execution.…
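A pre-extraction check for the flaw class described above, as an added example: this is not PraisonAI's _safe_extractall and not the fix shipped in 4.6.37. The names find_escaping_members and build_sample, the destination path and the sample archive are all constructed for illustration. It resolves each member path through symlinks declared earlier in the same archive, which is the step a check that only inspects member names skips.

```python
import io
import os
import tarfile

def find_escaping_members(tar, dest):
    """Return [(name, reason)] for members that would be written outside dest."""
    root = os.path.realpath(dest)
    links = {}  # path of each symlink declared in the archive -> where it points
    findings = []
    def inside(path):
        return path == root or path.startswith(root + os.sep)

    def resolve(base, name):
        # Walk one component at a time, following symlinks declared earlier.
        path = "/" if name.startswith("/") else base
        for part in name.split("/"):
            path = os.path.normpath(os.path.join(path, part))
            hops = 0
            while path in links and hops < 40:  # bounded, so loops terminate
                path, hops = links[path], hops + 1
        return path

    for m in tar.getmembers():
        where = resolve(root, m.name)
        if not inside(where):
            findings.append((m.name, "path resolves outside destination"))
        if m.issym() or m.islnk():
            # Symlink targets are relative to the link; hard links to the root.
            base = os.path.dirname(where) if m.issym() else root
            target = resolve(base, m.linkname)
            if not inside(target):
                findings.append((m.name, "link target outside destination"))
            if m.issym():
                links[where] = target
    return findings

def build_sample(link_target):
    """Constructed archive: a file, a symlink, and a file routed through it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data, link in [("recipe/README.md", b"ok", None),
                                 ("recipe/cache", b"", link_target),
                                 ("recipe/cache/settings.txt", b"x", None)]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info, io.BytesIO(data))
    return tarfile.open(fileobj=io.BytesIO(buf.getvalue()))
```

Refuse to extract the archive when the returned list is non-empty. On Python versions that support extraction filters, tarfile's extractall(path, filter="data") also rejects links that point outside the destination.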
