17 matches found
CVE-2026-60090 PraisonAI before 4.6.78 SQL/CQL Injection via vector dimension
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...
CVE-2026-61431 PraisonAI before 4.6.78 Path Traversal via ContextGatherer
PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute paths or parent directory traversal sequences to read arbitrary files outside the workspace and inclu...
PYSEC-2026-470 PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`
Summary The getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, the injected payload executes and grants full database...
GHSA-X44P-GG67-52FC Duplicate Advisory: PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ffp3-3562-8cv3. This link is maintained to preserve external references. Original Description PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing...
CVE-2026-56075
PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...
PraisonAI has an Arbitrary File Write in Python API
Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. writefile skips path validation when workspace=None always None in production. Affected PraisonAI outputfile: /tmp/flag.txt...
Missing Authentication for Critical Function
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
PT-2026-45056
Name of the Vulnerable Software and Affected Versions PraisonAI versions 4.6.37 and earlier Description Hidden metadata within a webpage can trick PraisonAI agents into writing attacker-controlled content to arbitrary file paths. This occurs because the write file function skips path validation...
CVE-2026-44335
CVE-2026-44335 concerns PraisonAI prior to 1.6.32 with an SSRF bypass in the URL validation logic. The vulnerability arises from a discrepancy between Python urlparse() parsing and the requests library when handling certain URLs (e.g., http://127.0.0.1:[email protected]). urlparse() may extract a publ...
CVE-2026-40313
Summary: PraisonAI versions ≤ 4.5.139 expose GitHub Actions credential leakage via ArtiPACKED attack due to actions/checkout persisting GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) in the repository’s .git/config when artifacts are uploaded from workflows. This can allow read-access users t...
CVE-2026-40288
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...
EUVD-2026-22207
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...
CVE-2026-40112
PraisonAI (multi-agent system) is affected by a Stored XSS in the Flask API before version 4.5.128. The /src/praisonai/api.py endpoint renders agent output as HTML using a _sanitize_html routine that relies on the nh3 library, which is not declared as a required/optional dependency in pyproject.t...
aitestagent (=0.1.0), doctool (>=1.0.0 <=1.1.0) +2 more potentially affected by unknown CVE via praisonai (=1.7.1)
praisonai NPM version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on praisonai and may be impacted: - aitestagent =0.1.0 - doctool =1.0.0, =1.0.1, =1.1.0 - tamilai =0.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-PRAISONAI-15954207...
aitestagent (=0.1.0), doctool (>=1.0.0 <=1.1.0) +2 more potentially affected by CVE-2026-39888 via praisonai (=1.7.1)
praisonai NPM version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on praisonai and may be impacted: - aitestagent =0.1.0 - doctool =1.0.0, =1.0.1, =1.1.0 - tamilai =0.0.2 Source cves: CVE-2026-39888 Source advisory: SNYK:JS-PRAISONAI-15954210...
Arbitrary File Upload
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Command Injection
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...