In-Depth Analysis of PraisonAI Vulnerability to Unauthenticated Arbitrary File Read
PraisonAI is vulnerable to an unauthenticated arbitrary file read through three of its MCP tools: 'praisonai.workflow.show', 'praisonai.workflow.validate' and 'praisonai.deploy.validate'. The issue is tracked as CVE-2026-47394 with a severity score of 8.7. It stems from an incomplete fix for an earlier advisory, GHSA-9mqq-jqxf-grvw / CVE-2026-44336, in which four file-handling tools were registered by default with no containment check on the path they read, so a caller could point them at any file the server process can open. After that fix, the three tools named above are the ones still affected.
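The flaw the advisory describes is a file-reading tool that resolves a caller-supplied path with no check that it stays inside the directory the tool is meant to expose. The block below is an added example, not PraisonAI's own code: a hypothetical MCP 'show' tool written twice, once without the containment check and once with it, probed against a constructed workspace. The names (vulnerable_show, hardened_show, contained_path, PathOutsideWorkspace) and the workspace layout are assumptions made for illustration.

```python
"""Hypothetical MCP file tool: an uncontained 'show' beside a contained one.

Added example, not PraisonAI's code. All names here are invented for
illustration; the workspace and the files in it are constructed at run time.
"""
import os
import tempfile
from pathlib import Path


class PathOutsideWorkspace(ValueError):
    """Raised when a requested path resolves outside the allowed workspace."""


def vulnerable_show(base: Path, path: str) -> str:
    """Joins the caller's path onto the workspace and reads it, with no check.

    This is the arbitrary-file-read pattern: '../x' walks out of the
    workspace, an absolute path replaces it entirely (Path(base) / '/etc/passwd'
    is '/etc/passwd'), and a symlink inside the workspace is followed anywhere.
    """
    return (base / path).read_text()


def contained_path(base: Path, user_path: str) -> Path:
    """Resolve user_path against base and refuse anything that escapes it.

    Path.resolve() follows symlinks and collapses '..', so traversal, absolute
    paths and symlinks pointing out of the workspace all fail the same test.
    """
    root = base.resolve()
    candidate = (root / user_path).resolve()
    if candidate != root and root not in candidate.parents:
        raise PathOutsideWorkspace(f"{user_path!r} resolves outside {root}")
    return candidate


def hardened_show(base: Path, path: str) -> str:
    """Same tool with the containment check applied before the read."""
    return contained_path(base, path).read_text()


def _succeeds(fn) -> bool:
    """True if the read completes, False if containment (or the OS) refuses it."""
    try:
        fn()
        return True
    except (PathOutsideWorkspace, OSError):
        return False


def demo() -> dict:
    """Build a throwaway workspace and probe both tools with four requests.

    Returns, per tool, which requests produced file contents, so the effect of
    the missing check is visible as data rather than as printed output.
    """
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        secret = tmp / "secret.txt"          # constructed: lives outside the workspace
        secret.write_text("outside the workspace")
        workspace = tmp / "workspace"
        workspace.mkdir()
        (workspace / "flow.yaml").write_text("name: demo")   # constructed: legitimate target
        os.symlink(secret, workspace / "link.yaml")         # constructed: symlink escape

        attempts = {
            "legit": "flow.yaml",
            "traversal": "../secret.txt",
            "absolute": str(secret),
            "symlink": "link.yaml",
        }
        return {
            "vulnerable": {n: _succeeds(lambda a=a: vulnerable_show(workspace, a))
                           for n, a in attempts.items()},
            "hardened": {n: _succeeds(lambda a=a: hardened_show(workspace, a))
                         for n, a in attempts.items()},
        }


if __name__ == "__main__":
    for tool, outcome in demo().items():
        print(tool, outcome)
```

The check compares resolved paths rather than string prefixes: a prefix test on the raw string would accept '../secret.txt' under a workspace named 'workspace' only if the attacker got the spelling wrong, and would miss the symlink case entirely. Whatever the real fix in PraisonAI looks like, a tool registered for unauthenticated MCP callers needs this kind of check on every path parameter, not only on the ones the first advisory happened to name.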