CVE-2026-47397: PraisonAI has an Arbitrary File Write in Python API
Hidden metadata in a web page causes PraisonAI agents to write attacker-controlled content to arbitrary filesystem paths: the write_file tool skips path validation when workspace=None, which is always the case in production.
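As an added illustration (not PraisonAI's code; the `write_file(path, content, workspace)` signature and the helper names are assumptions), this is what a fail-closed version of such a tool looks like: a missing workspace is an error rather than a reason to skip validation, and every path is resolved and confined to the workspace root before anything is written.

```python
from pathlib import Path
from typing import Optional

# Constructed example modelling the advisory's failure mode: the vulnerable
# pattern skipped path validation whenever workspace was None, so traversal
# segments and absolute paths were written unchecked. Here None fails closed.


class PathOutsideWorkspace(Exception):
    """Raised when a requested path escapes the workspace root."""


def resolve_in_workspace(path: str, workspace: Optional[str]) -> Path:
    """Return the absolute target path if it stays inside workspace.

    Raises ValueError when workspace is None and PathOutsideWorkspace when the
    path (after collapsing '..', symlinks and absolute prefixes) leaves root.
    """
    if workspace is None:
        raise ValueError("workspace must be set; refusing to write without a sandbox root")
    root = Path(workspace).resolve()
    # Join first, then resolve: an absolute `path` replaces root entirely and
    # '..' segments are collapsed, so the containment check sees the real target.
    target = (root / path).resolve()
    # is_relative_to avoids the string-prefix pitfall ("/ws" vs "/ws2").
    if not target.is_relative_to(root):
        raise PathOutsideWorkspace(f"{path!r} resolves to {target}, outside {root}")
    return target


def is_confined(path: str, workspace: Optional[str]) -> bool:
    """True only when a write would be permitted; the None case is False, not skipped."""
    try:
        resolve_in_workspace(path, workspace)
        return True
    except (ValueError, PathOutsideWorkspace):
        return False


def write_file(path: str, content: str, workspace: Optional[str] = None) -> Path:
    """Write content to path, confined to workspace (hypothetical tool signature)."""
    target = resolve_in_workspace(path, workspace)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content, encoding="utf-8")
    return target
```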