A vulnerability was found in MervinPraison PraisonAI up to 4.5.112 . It has been rated as critical . This issue affects some unknown processing of the component Action Orchestrator Feature . Performing a manipulation results in path traversal. This vulnerability is reported as CVE-2026-39305 . The attack requires a local approach. No exploit exists. Upgrading the affected component is advised.