{"data":{"id":"82d0dd32-a482-489f-afe6-1a86dfe659a4","title":"GHSA-29w3-p9w9-wc47: PraisonAI: Arbitrary File Read/Write via `multiedit` Tool Without Path Validation","summary":"The `multiedit` tool in PraisonAI allows an AI agent to read and write any file on the system without checking file paths or boundaries, because it passes the filepath directly to the `open()` function without validation. An attacker who can control what the agent does, such as through crafted prompts or malicious workflow configurations, could steal sensitive files like SSH keys and credentials, or overwrite important files to take control of the system.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-29w3-p9w9-wc47","publishedAt":"2026-06-18T14:27:03.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":[],"issueType":"vulnerability","affectedPackages":["praisonai@< 4.6.61 (fixed: 4.6.61)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["PraisonAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-06-18T14:27:03.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}