Lucene search
+L

17 matches found

cvelist
cvelist
added 5 days ago35 views

CVE-2026-60090 PraisonAI before 4.6.78 SQL/CQL Injection via vector dimension

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...

9.8CVSS0.0041EPSS
Exploits0References3
osv
osv
added 6 days ago3 views

CVE-2026-61431 PraisonAI before 4.6.78 Path Traversal via ContextGatherer

PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute paths or parent directory traversal sequences to read arbitrary files outside the workspace and inclu...

6.8CVSS6.2AI score0.00259EPSS
Exploits0References5
osv
osv
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-470 PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`

Summary The getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, the injected payload executes and grants full database...

9.8CVSS5.8AI score0.00533EPSS
Exploits1References5
osv
osv
added 2026/06/19 12:31 a.m.8 views

GHSA-X44P-GG67-52FC Duplicate Advisory: PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ffp3-3562-8cv3. This link is maintained to preserve external references. Original Description PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing...

6.8CVSS5.8AI score0.00116EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/18 10:12 p.m.9 views

CVE-2026-56075

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

8.8CVSS6AI score0.00476EPSS
Exploits0References3
github
github
added 2026/05/29 10:31 p.m.26 views

PraisonAI has an Arbitrary File Write in Python API

Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. writefile skips path validation when workspace=None always None in production. Affected PraisonAI outputfile: /tmp/flag.txt...

6AI score0.00051EPSS
Exploits0References2Affected Software1
snyk
snyk
added 2026/05/29 10:31 p.m.4 views

Missing Authentication for Critical Function

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.8CVSS6.1AI score0.00084EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.14 views

PT-2026-45056

Name of the Vulnerable Software and Affected Versions PraisonAI versions 4.6.37 and earlier Description Hidden metadata within a webpage can trick PraisonAI agents into writing attacker-controlled content to arbitrary file paths. This occurs because the write file function skips path validation...

7.1CVSS6.2AI score0.00051EPSS
Exploits0References7
cve
cve
added 2026/05/08 1:26 p.m.26 views

CVE-2026-44335

CVE-2026-44335 concerns PraisonAI prior to 1.6.32 with an SSRF bypass in the URL validation logic. The vulnerability arises from a discrepancy between Python urlparse() parsing and the requests library when handling certain URLs (e.g., http://127.0.0.1:[email protected]). urlparse() may extract a publ...

9.8CVSS5.7AI score0.00378EPSS
Exploits1References1Affected Software1
cve
cve
added 2026/04/14 3:10 a.m.23 views

CVE-2026-40313

Summary: PraisonAI versions ≤ 4.5.139 expose GitHub Actions credential leakage via ArtiPACKED attack due to actions/checkout persisting GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) in the repository’s .git/config when artifacts are uploaded from workflows. This can allow read-access users t...

9.1CVSS5.8AI score0.00305EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/04/14 3:0 a.m.7 views

CVE-2026-40288

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

9.8CVSS6.4AI score0.00609EPSS
Exploits1References2Affected Software2
euvd
euvd
added 2026/04/14 2:55 a.m.7 views

EUVD-2026-22207

PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...

8.4CVSS6.4AI score0.00246EPSS
Exploits1References1
cve
cve
added 2026/04/09 9:16 p.m.18 views

CVE-2026-40112

PraisonAI (multi-agent system) is affected by a Stored XSS in the Flask API before version 4.5.128. The /src/praisonai/api.py endpoint renders agent output as HTML using a _sanitize_html routine that relies on the nh3 library, which is not declared as a required/optional dependency in pyproject.t...

6.1CVSS6AI score0.00216EPSS
Exploits1References1Affected Software1
vulnersosv
vulnersosv
added 2026/04/08 7:21 p.m.6 views

aitestagent (=0.1.0), doctool (>=1.0.0 <=1.1.0) +2 more potentially affected by unknown CVE via praisonai (=1.7.1)

praisonai NPM version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on praisonai and may be impacted: - aitestagent =0.1.0 - doctool =1.0.0, =1.0.1, =1.1.0 - tamilai =0.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-PRAISONAI-15954207...

5.8AI score
Exploits0
vulnersosv
vulnersosv
added 2026/04/08 7:17 p.m.6 views

aitestagent (=0.1.0), doctool (>=1.0.0 <=1.1.0) +2 more potentially affected by CVE-2026-39888 via praisonai (=1.7.1)

praisonai NPM version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on praisonai and may be impacted: - aitestagent =0.1.0 - doctool =1.0.0, =1.0.1, =1.1.0 - tamilai =0.0.2 Source cves: CVE-2026-39888 Source advisory: SNYK:JS-PRAISONAI-15954210...

9.9CVSS5.8AI score0.00541EPSS
Exploits0
snyk
snyk
added 2026/04/06 11:9 p.m.4 views

Arbitrary File Upload

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

7.6CVSS5.8AI score0.00291EPSS
Exploits1References3
snyk
snyk
added 2026/04/01 11:20 p.m.4 views

Command Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.8CVSS6.1AI score0.00824EPSS
Exploits1References2
Rows per page
Query Builder