CVE-2026-41497

CVE-2026-41497 concerns PraisonAI’s MCP command handling. The pre-4.6.9 code path lacks a command allowlist and argument validation in parse_mcp_command(), allowing arbitrary executables (e.g., bash, python, /bin/sh) to pass through to subprocess execution. This can enable inline code execution b...

CVE-2026-41496 PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase,...

CVE-2026-41496 PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase,...

CVE-2026-41496

CVE-2026-41496 affects PraisonAI’s multi‑agent system where 9 conversation backends (MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB) pass table_prefix directly into SQL, enabling unvalidated injection points (52 total). Root cause mirrors CVE-2026-40315 ...

PraisonAI 代码注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 4.5.139 to 4.6.32 had a code injection vulnerability. This vulnerability stemmed from insufficient protection for automatic tool imports in the tooloverride.py script, allowing...

PraisonAI 代码问题漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.6.32 contained code vulnerabilities. These vulnerabilities stemmed from logical flaws in the URL checking logic, which could allow attackers to bypass the checks and execute...

PraisonAI 输入验证错误漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 2.4.1 to 4.6.34 contained a vulnerability related to input validation errors. This vulnerability stemmed from unvalidated name and set parameter construction tables and index...

PraisonAI 访问控制错误漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 2.5.6 to 4.6.34 contained an access control vulnerability. This vulnerability stemmed from the Flask API server, which disabled authentication by default, allowing callers without a...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.37 and PraisonAIagents prior to 1.6.37 have security vulnerabilities. These vulnerabilities stem from unresolved tool name resolution issues, which may allow attackers to...

PraisonAI SQL注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.9 contained an SQL injection vulnerability. This vulnerability stemmed from multiple backends passing table prefixes directly into f-string SQL statements, which could lead ...

PraisonAI 命令注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.9 had a command injection vulnerability. This vulnerability stemmed from the lack of a command whitelist or parameter validation in the MCP command processing mechanism,...

PraisonAI 路径遍历漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.37 contained a path traversal vulnerability. This vulnerability stemmed from the safeextractall helper function not verifying the linkname of members and not rejecting...

PT-2026-39007

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.37 Description The safe extractall helper function, used in recipe pull, recipe publish, and recipe unpack flows, fails to validate member.linkname and does not reject symlink or hardlink members. Additionally, ...

PT-2026-39004

Name of the Vulnerable Software and Affected Versions PraisonAI versions 2.4.1 through 4.6.33 Description PraisonAI is a multi-agent teams system that exposes optional SQL/CQL-backed knowledge-store implementations. These implementations build table and index identifiers using unvalidated name an...

PT-2026-39003

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.34 Description The Model Context Protocol MCP server in PraisonAI contains a path traversal flaw in its file-handling tools. The server registers four tools by default: 'praisonai.rules.create',...

GHSA-XCMW-GRXF-WJHJ PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)

TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...

Arbitrary Code Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

PraisonAI has an SSRF bypass

Summary The URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. Details The current PraisonAI project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...

PraisonAI has an unspecified vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a security vulnerability that stems from the fact that the three-layer sandboxing of the executecode function can be completely bypassed, which can be exploited by an attacker to cause the execution of...

PraisonAI Code Issue Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a code issue vulnerability that stems from the FileTools.downloadfile function validating the target path but not validating the url parameter, which can be exploited by an attacker to cause the attacke...