2 matches found
CVE-2026-39890
creationtimestamp| type| source ---|---|--- 2026-04-08 22:48:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizetxhbte2n 2026-04-09 01:27:32+00:00| published-proof-of-concept| Telegram/Dz-0u6C1u9T0WCXCs4W5hHtkLp3TtNEV9yEjsLh0yFvD1Y 2026-04-09 06:00:37+00:00| seen|...
CVE-2026-39890
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...