What happened
MultiAgentMonitor in PraisonAI fails to sanitize agent IDs when constructing file system paths, allowing path traversal attacks via sequences like ../ in the agent ID.
Why it matters
Unrestricted file access on the PraisonAI host allows attackers to read configuration files, steal credentials, modify agent behavior, or plant backdoors.
Attack vector
PraisonAI's MultiAgentMonitor component fails to sanitize agent IDs when building file paths. An attacker who registers an agent with a traversal sequence (e.g., ../../../etc/passwd) in the agent ID can read or write files outside the intended directories.
Affected systems
PraisonAI < 1.5.115
Mitigation
Upgrade to PraisonAI 1.5.115 or later. Sanitize all user-supplied identifiers before constructing file paths.
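The sanitization step from the mitigation, as an added Python example; it is not PraisonAI's code or its patch. The function names, the allow-list pattern, the `.json` suffix and the `agents` directory are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed allow-list (not from PraisonAI): letters, digits, "_" and "-", 1-64 chars.
_AGENT_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


class InvalidAgentId(ValueError):
    """Raised when an agent ID cannot be mapped safely under the base directory."""


def naive_agent_path(base_dir: Path, agent_id: str) -> Path:
    # The unsafe pattern the advisory describes: the ID is joined in unchecked.
    return base_dir / f"{agent_id}.json"


def safe_agent_path(base_dir: Path, agent_id: str) -> Path:
    # 1. Allow-list: rejects separators, dots, NUL, empty and over-long IDs.
    if not isinstance(agent_id, str) or not _AGENT_ID_RE.fullmatch(agent_id):
        raise InvalidAgentId(f"rejected agent id: {agent_id!r}")
    # 2. Containment check on the resolved path, as defence in depth
    #    (also catches a symlink planted inside the base directory).
    base = base_dir.resolve()
    candidate = (base / f"{agent_id}.json").resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise InvalidAgentId(f"path escapes base directory: {agent_id!r}")
    return candidate


def check_ids(base_dir: Path, agent_ids) -> dict:
    """Return {agent_id: accepted?} for each ID, without touching the files."""
    results = {}
    for agent_id in agent_ids:
        try:
            safe_agent_path(base_dir, agent_id)
            results[agent_id] = True
        except InvalidAgentId:
            results[agent_id] = False
    return results


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "agents"
        base.mkdir()
        # Constructed sample IDs; the traversal string is the advisory's example.
        samples = ["agent-01", "../../../etc/passwd", "..", ""]
        print(naive_agent_path(base, samples[1]).resolve())  # outside base
        print(check_ids(base, samples))
```

Validating the ID at registration time as well as at path construction keeps a rejected ID from being stored and reused by other code paths.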