PraisonAI has an Arbitrary File Write in Python API

Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. writefile skips path validation when workspace=None always None in production. Affected PraisonAI outputfile: /tmp/flag.txt...

PT-2026-45056

Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. write file skips path validation when workspace=None always None in production. Affected PraisonAI output file: /tmp/flag.txt output...

CVE-2026-44335

CVE-2026-44335 concerns PraisonAI prior to 1.6.32 with an SSRF bypass in the URL validation logic. The vulnerability arises from a discrepancy between Python urlparse() parsing and the requests library when handling certain URLs (e.g., http://127.0.0.1:[email protected]). urlparse() may extract a publ...

CVE-2026-40313

Summary: PraisonAI versions ≤ 4.5.139 expose GitHub Actions credential leakage via ArtiPACKED attack due to actions/checkout persisting GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) in the repository’s .git/config when artifacts are uploaded from workflows. This can allow read-access users t...

CVE-2026-40288

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

EUVD-2026-22207

PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...

CVE-2026-40112

PraisonAI (multi-agent system) is affected by a Stored XSS in the Flask API before version 4.5.128. The /src/praisonai/api.py endpoint renders agent output as HTML using a _sanitize_html routine that relies on the nh3 library, which is not declared as a required/optional dependency in pyproject.t...

aitestagent (=0.1.0), doctool (>=1.0.0 <=1.1.0) +2 more potentially affected by unknown CVE via praisonai (=1.7.1)

praisonai NPM version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on praisonai and may be impacted: - aitestagent =0.1.0 - doctool =1.0.0, =1.0.1, =1.1.0 - tamilai =0.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-PRAISONAI-15954207...

aitestagent (=0.1.0), doctool (>=1.0.0 <=1.1.0) +2 more potentially affected by CVE-2026-39888 via praisonai (=1.7.1)

praisonai NPM version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on praisonai and may be impacted: - aitestagent =0.1.0 - doctool =1.0.0, =1.0.1, =1.1.0 - tamilai =0.0.2 Source cves: CVE-2026-39888 Source advisory: SNYK:JS-PRAISONAI-15954210...

Arbitrary File Upload

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

Command Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...