Product
A path traversal vulnerability exists in PraisonAI's recipe registry publish endpoint, allowing attackers to write files outside the registry root by manipulating the manifest file in a recipe bundle, despite eventual validation failure.