CVE-2026-35615: Praisonai Workspace Access Bypass

A file operation is performed without validating workspace access permissions. This relies entirely on stateless path validation which lacks workspace containment context, enabling potential path traversal or arbitrary file modifications outside the sandbox.

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0python

greprules fetch cve-2026-35615-praisonai-workspace-access-bypass --engine opengrep

Description

A file operation is performed without validating workspace access permissions. This relies entirely on stateless path validation which lacks workspace containment context, enabling potential path traversal or arbitrary file modifications outside the sandbox.

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Trust signals: 109 downloads
0 direct109 via packs
· 0 stars · Trust score 61How trust works
Included packs: 2 packs

Community feedback

Sign in to report false positives, mark this rule useful, or suggest metadata improvements.

Mark useful Report false positive Suggest metadata