Cross-site Scripting (XSS)

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

Arbitrary Code Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVE-2026-40157

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmdunpack in the recipe CLI extracts .praison tar archives using raw tar.extract without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who...

CVE-2026-40159

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP Model Context Protocol integration allows spawning background servers via stdio using user-supplied command strings e.g., MCP"npx -y @smithery/cli ...". These commands are executed through Python’s subprocess module. By...

CVE-2026-40158

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST...

CVE-2026-40160

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, webcrawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with followredirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

CVE-2026-40160

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, webcrawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with followredirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

CVE-2026-40159 PraisonAI Exposes Sensitive Environment Variable via Untrusted MCP Subprocess Execution

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP Model Context Protocol integration allows spawning background servers via stdio using user-supplied command strings e.g., MCP"npx -y @smithery/cli ...". These commands are executed through Python’s subprocess module. By...

CVE-2026-40159 PraisonAI Exposes Sensitive Environment Variable via Untrusted MCP Subprocess Execution

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP Model Context Protocol integration allows spawning background servers via stdio using user-supplied command strings e.g., MCP"npx -y @smithery/cli ...". These commands are executed through Python’s subprocess module. By...

CVE-2026-40159

PraisonAI's MCP integration (before 4.5.128) spawns background processes via stdio using user-supplied commands, and forwards the full parent environment to the subprocess. This allows any MCP invocation to inherit sensitive variables (API keys, tokens, database credentials), enabling potential c...

CVE-2026-40158 PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST...

CVE-2026-40158

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST...

CVE-2026-40158

PRAISONAI's AST-based Python sandbox (prior to 4.5.128) can be bypassed by a type.getattribute trampoline, enabling arbitrary code execution when untrusted agent code runs. The _execute_code_direct function filters dangerous attributes via AST checks, but only for ast.Attribute nodes, missing dyn...

CVE-2026-40158 PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST...

CVE-2026-40157

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmdunpack in the recipe CLI extracts .praison tar archives using raw tar.extract without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who...

CVE-2026-40157 PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack`

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmdunpack in the recipe CLI extracts .praison tar archives using raw tar.extract without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who...

CVE-2026-40157

Summary: PraisionAI’s recipe unpack (cmd_unpack) before 4.5.128 is vulnerable to a path traversal in .praison tar archives. The code uses tar.extract() without validating archive member paths, so a bundle containing ../../ entries can write files outside the intended output directory. An attacker...

CVE-2026-40157 PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack`

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmdunpack in the recipe CLI extracts .praison tar archives using raw tar.extract without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who...

CVE-2026-40156 PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code v...

CVE-2026-40156 PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code v...