CVE-2026-44336

PraisonAI · PraisonAI

PraisonAI's MCP server fails to sanitize file paths in tool arguments, allowing unauthenticated attackers to perform arbitrary file writes and achieve code execution.

Executive summary

An unauthenticated directory traversal vulnerability in PraisonAI permits attackers to overwrite critical system files, leading to full system compromise via arbitrary code execution.

Vulnerability

The MCP server fails to validate input paths, allowing an attacker to use directory traversal sequences (e.g., ../../) to write files outside the intended directory. An attacker can use this to drop a malicious Python .pth file into site-packages. Because Python processes .pth files in site-packages at interpreter start-up, this results in arbitrary code execution in subsequent Python processes.

Business impact

Successful exploitation allows an attacker to gain persistent, unauthorized access to the host server. This poses a significant risk of data theft, configuration tampering, and full system takeover. The 9.6 CVSS score underscores the severity of this vulnerability, necessitating urgent intervention to prevent exploitation.

Remediation

Immediate Action: Update the PraisonAI installation to version 4.6.34 to enforce strict path validation and containment checks.

Proactive Monitoring: Review file integrity logs for unauthorized modifications in Python site-packages or unexpected file creation within the application's base directory.
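
One way to carry out the site-packages review described above, as an added example that is not PraisonAI's code or tooling: it lists .pth files containing lines the Python site module would execute at start-up, with an optional filter on modification time. The function names are hypothetical, and legitimate packages (setuptools, editable installs) also ship such lines, so the output is a review list to compare against a known-good baseline.

```python
# Added example: list .pth files in site-packages that carry executable lines.
# Python's site module exec()s any .pth line that begins with "import"
# followed by a space or tab, every time an interpreter starts.
import site
import sysconfig
import time
from pathlib import Path


def site_dirs():
    """Return the existing site-packages directories of this interpreter."""
    paths = sysconfig.get_paths()
    dirs = {paths["purelib"], paths["platlib"], site.getusersitepackages()}
    dirs.update(site.getsitepackages())
    return sorted(Path(d) for d in dirs if Path(d).is_dir())


def executable_lines(pth_file):
    """Return (line_number, text) for each line the site module would exec."""
    text = Path(pth_file).read_text(encoding="utf-8", errors="replace")
    return [
        (number, line.strip())
        for number, line in enumerate(text.splitlines(), start=1)
        if line.startswith(("import ", "import\t"))
    ]


def audit(directories, modified_within_days=None, now=None):
    """List .pth files with executable lines, optionally only recent ones."""
    now = time.time() if now is None else now
    findings = []
    for directory in directories:
        for pth_file in sorted(Path(directory).glob("*.pth")):
            mtime = pth_file.stat().st_mtime
            age_days = (now - mtime) / 86400
            if modified_within_days is not None and age_days > modified_within_days:
                continue
            hits = executable_lines(pth_file)
            if hits:
                findings.append({"path": str(pth_file), "mtime": mtime, "lines": hits})
    return findings


if __name__ == "__main__":
    for finding in audit(site_dirs()):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(finding["mtime"]))
        print(f"{finding['path']} (modified {stamp})")
        for number, line in finding["lines"]:
            print(f"  line {number}: {line[:120]}")
```

Run it with the same interpreter (or virtual environment) that the PraisonAI service uses, since each environment has its own site-packages.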

Compensating Controls: Restrict the service account running the PraisonAI process to the minimum necessary filesystem permissions to limit the scope of potential file overwrites.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability represents a severe risk of persistence and code execution. Security teams must treat this as a high-priority update. Ensure all instances are patched to version 4.6.34 and verify that the service is running with the least privilege required to perform its functions.