3 matches found
CVE-2026-39888 PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode)
PraisonAI is a multi-agent teams system. Prior to 1.5.115, executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess...
aitestagent (=0.1.0), doctool (>=1.0.0 <=1.1.0) +2 more potentially affected by CVE-2026-39888 via praisonai (=1.7.1)
praisonai NPM version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on praisonai and may be impacted: - aitestagent =0.1.0 - doctool =1.0.0, =1.0.1, =1.1.0 - tamilai =0.0.2 Source cves: CVE-2026-39888 Source advisory: SNYK:JS-PRAISONAI-15954210...
CVE-2026-39888
creationtimestamp| type| source ---|---|--- 2026-04-07 20:48:08+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qf73-2hrx-xprp 2026-04-07 20:48:08+00:00| published-proof-of-concept|...