CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-61431

mediumCVSS 5.5covered by 1 sourcefirst seen 2026-07-10
PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute paths or parent directory traversal sequences to read arbitrary files outside the workspace and include their contents in the generated context bundle.

⚡ Watch CVE-2026-61431

Get an email if CVE-2026-61431 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-61431

CVE.org record

Embed the live status

CVE-2026-61431 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-61431 status](https://www.csirts.com/badge/CVE-2026-61431)](https://www.csirts.com/cve/CVE-2026-61431)