python · praisonai · Critical
PraisonAI multiedit tool allows arbitrary file read/write
What changed
The `multiedit` tool in `src/praisonai/praisonai/tools/multiedit.py` lacks path validation, workspace boundary checks, protected path guards, and symlink resolution, allowing arbitrary file read and write.
Who it affects
All deployments where agents have the `multiedit` tool available, including PraisonAI CLI and chat bot deployments with `auto_approve_tools=True`.
What to do today
Apply path validation (reject `..`, resolve symlinks, check workspace boundary) and protected path guards to `multiedit` before any `open()` call, or disable the tool until patched.
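As an added example of the mitigation above (not PraisonAI's own code; the protected-name list, the hypothetical `safe_workspace_path` helper and the throwaway workspace in `demo()` are constructed assumptions), a workspace-confined path check a file-editing tool could call before every `open()`:

```python
# Added example, not PraisonAI code: workspace-confined path check to run before open().
import os
import tempfile
from pathlib import Path

# Names an agent tool should never touch even inside the workspace (constructed list).
PROTECTED_NAMES = {".git", ".env", ".ssh"}


class PathRejected(ValueError):
    """Raised when a requested path fails validation."""


def safe_workspace_path(workspace, requested) -> Path:
    """Resolve `requested` under `workspace`; refuse traversal, escapes and protected names."""
    root = Path(workspace).resolve()
    raw = Path(requested)
    if ".." in raw.parts:
        raise PathRejected(f"parent traversal rejected: {requested}")
    # Absolute requests are allowed only if they already live under the workspace.
    candidate = raw if raw.is_absolute() else root / raw
    resolved = candidate.resolve()  # follows symlinks before the boundary check
    if resolved != root and root not in resolved.parents:
        raise PathRejected(f"outside workspace: {requested} -> {resolved}")
    if PROTECTED_NAMES.intersection(resolved.relative_to(root).parts):
        raise PathRejected(f"protected path: {requested}")
    return resolved


def demo() -> dict:
    """Run the check in a throwaway workspace (POSIX symlinks assumed); True = accepted."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp) / "workspace"
        ws.mkdir()
        os.symlink(tmp, ws / "escape")  # constructed symlink pointing outside the workspace
        cases = {
            "inside": "src/app.py",
            "dotdot": "../outside.txt",
            "absolute_outside": str(Path(tmp) / "outside.txt"),
            "symlink_escape": "escape/secret.txt",
            "protected": ".env",
        }
        results = {}
        for label, req in cases.items():
            try:
                safe_workspace_path(ws, req)
                results[label] = True
            except PathRejected:
                results[label] = False
        return results
```

Only the `inside` request survives; the symlink case shows why the boundary check must run on the resolved path rather than on the string the agent supplied.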
The trail: Collected → Audited → Written → Published