427 matches found
PraisonAI Operating System Command Injection Vulnerability
PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the --mcp CLI parameter being passed directly without any validation, whitelist checking, or cleanup, which can be exploited by an...
PraisonAI OS Command Injection Vulnerability (CNVD-2026-18145)
PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the fact that SubprocessSandbox relies on string pattern matching to block dangerous commands in all modes and the block list does not...
SQL Injection
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Command Injection
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Summary The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...
GHSA-9QHQ-V63V-FV3J PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Summary The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...
PT-2026-37122
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.9 Description Insufficient command handling in the parse mcp command function allows for arbitrary code execution. The function fails to implement a command allowlist or argument validation, enabling executables...
CVE-2026-40159
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP Model Context Protocol integration allows spawning background servers via stdio using user-supplied command strings e.g., MCP"npx -y @smithery/cli ...". These commands are executed through Python’s subprocess module. By...
CVE-2026-40112
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml...
CVE-2026-40157
PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmdunpack in the recipe CLI extracts .praison tar archives using raw tar.extract without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who...
CVE-2026-40116
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...
CVE-2026-40313
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...
CVE-2026-40288
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...
CVE-2026-40287
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...
CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...
CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...
CVE-2026-40313
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...
CVE-2026-40313
Summary: PraisonAI versions ≤ 4.5.139 expose GitHub Actions credential leakage via ArtiPACKED attack due to actions/checkout persisting GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) in the repository’s .git/config when artifacts are uploaded from workflows. This can allow read-access users t...
CVE-2026-40289
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...
CVE-2026-40289 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...