{"data":{"id":"e8ac6e7d-1f4b-421b-847a-c4d074d966b1","title":"GHSA-9cr9-25q5-8prj: PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate","summary":"PraisonAI has a security vulnerability where unauthenticated users can read any file on the system through multiple handlers like `workflow.show`, `workflow.validate`, and `deploy.validate`. The problem exists because these file-handling tools don't validate or restrict file paths before reading them, and the dispatcher that calls these tools doesn't enforce security checks on incoming requests.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-9cr9-25q5-8prj","publishedAt":"2026-05-29T22:30:58.000Z","cveId":"CVE-2026-47394","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["PraisonAI@<= 4.6.39 (fixed: 4.6.40)"],"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["PraisonAI","OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-29T22:30:58.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}