
427 matches found

CVE
• added 2026/04/08 8:45 p.m. • 11 views

CVE-2026-39890

PraisonAI's AgentService.loadAgentFromFile parses YAML with js-yaml without disabling dangerous tags (e.g., !!js/function, !!js/undefined), enabling an attacker to upload a malicious agent definition and achieve remote code execution on the server. Affected software: PraisonAI (before 4.5.115). Roo...

9.8 CVSS • 6.6 AI score • 0.0058 EPSS
Exploits: 0 • References: 1 • Affected Software: 1
Cvelist
• added 2026/04/08 8:44 p.m. • 16 views

CVE-2026-39889 PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The createa2uroutes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...

7.5 CVSS • 0.00425 EPSS
Exploits: 0 • References: 1
Vulnrichment
• added 2026/04/08 8:44 p.m. • 1 views

CVE-2026-39889 PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The createa2uroutes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...

7.5 CVSS • 5.8 AI score • 0.00425 EPSS
Exploits: 0 • References: 1
Cvelist
• added 2026/04/08 8:41 p.m. • 19 views

CVE-2026-39888 PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess...

9.9 CVSS • 0.00541 EPSS
Exploits: 0 • References: 1
CVE
• added 2026/04/08 8:41 p.m. • 6 views

CVE-2026-39888

PraisonAI's PraisonAIAgents contains a sandbox escape in execute_code() (subprocess mode) prior to version 1.5.115. The subprocess wrapper blocks only a subset of attributes, and the missing frame-traversal attributes (__traceback__, tb_frame, f_back, f_builtins) can be chained via a caught exception...

9.9 CVSS • 6 AI score • 0.00541 EPSS
Exploits: 0 • References: 1 • Affected Software: 1
Snyk
• added 2026/04/08 7:21 p.m. • 2 views

Directory Traversal

Overview: praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and Javascript AI Agents Framework. Affected versions of this package are vulnerable to Directory Traversal in the MultiAgentLedger and MultiAgentMonitor components. An attacker can access sensitive context data...

8.6 CVSS • 6.3 AI score
Exploits: 0 • References: 2
vulnersOsv
• added 2026/04/08 7:21 p.m. • 4 views

aitestagent (=0.1.0), doctool (>=1.0.0 <=1.1.0) +2 more potentially affected by unknown CVE via praisonai (=1.7.1)

praisonai NPM version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on praisonai and may be impacted:
- aitestagent =0.1.0
- doctool =1.0.0, =1.0.1, =1.1.0
- tamilai =0.0.2

Source cves: unknown CVE
Source advisory: SNYK:JS-PRAISONAI-15954207...

5.8 AI score
Exploits: 0
Snyk
• added 2026/04/08 7:21 p.m. • 3 views

Directory Traversal

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.6 CVSS • 6.3 AI score
Exploits: 0 • References: 2
EUVD
• added 2026/04/08 7:21 p.m. • 1 views

EUVD-2026-20639

PraisonAI has Template Injection in Agent Tool Definitions...

8.8 CVSS • 5.9 AI score • 0.00558 EPSS
Exploits: 1 • References: 2
EUVD
• added 2026/04/08 7:21 p.m. • 3 views

EUVD-2026-20636

PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server...

7.5 CVSS • 5.9 AI score • 0.00425 EPSS
Exploits: 0 • References: 2
Snyk
• added 2026/04/08 7:21 p.m. • 1 views

Missing Authentication for Critical Function

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.7 CVSS • 5.8 AI score • 0.00425 EPSS
Exploits: 0 • References: 2
EUVD
• added 2026/04/08 7:17 p.m. • 2 views

EUVD-2026-20635

PraisonAI has sandbox escape via exception frame traversal in execute_code subprocess mode...

9.9 CVSS • 5.9 AI score • 0.00541 EPSS
Exploits: 0 • References: 1
Snyk
• added 2026/04/08 7:17 p.m. • 0 views

Arbitrary Code Injection

Overview: praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and Javascript AI Agents Framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the execute_code function. An attacker can gain unauthorized access to the host environment, execute...

9.9 CVSS • 6.1 AI score • 0.00541 EPSS
Exploits: 0 • References: 2
vulnersOsv
• added 2026/04/08 7:17 p.m. • 2 views

aitestagent (=0.1.0), doctool (>=1.0.0 <=1.1.0) +2 more potentially affected by CVE-2026-39888 via praisonai (=1.7.1)

praisonai NPM version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on praisonai and may be impacted:
- aitestagent =0.1.0
- doctool =1.0.0, =1.0.1, =1.1.0
- tamilai =0.0.2

Source cves: CVE-2026-39888
Source advisory: SNYK:JS-PRAISONAI-15954210...

9.9 CVSS • 5.8 AI score • 0.00541 EPSS
Exploits: 0
Snyk
• added 2026/04/08 7:17 p.m. • 3 views

Arbitrary Code Injection

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.9 CVSS • 6.1 AI score • 0.00541 EPSS
Exploits: 0 • References: 2
Snyk
• added 2026/04/08 7:17 p.m. • 3 views

Deserialization of Untrusted Data

Overview: praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and Javascript AI Agents Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the YAML deserialization in the loadAgentFromFile function. An attacker can execute...

9.8 CVSS • 6.2 AI score • 0.0058 EPSS
Exploits: 0 • References: 2
vulnersOsv
• added 2026/04/08 7:17 p.m. • 3 views

aitestagent (=0.1.0), doctool (>=1.0.0 <=1.1.0) +2 more potentially affected by CVE-2026-39890 via praisonai (=1.7.1)

praisonai NPM version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on praisonai and may be impacted:
- aitestagent =0.1.0
- doctool =1.0.0, =1.0.1, =1.1.0
- tamilai =0.0.2

Source cves: CVE-2026-39890
Source advisory: SNYK:JS-PRAISONAI-15954309...

9.8 CVSS • 5.8 AI score • 0.0058 EPSS
Exploits: 0
Snyk
• added 2026/04/08 7:17 p.m. • 1 views

Deserialization of Untrusted Data

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.8 CVSS • 6.2 AI score • 0.0058 EPSS
Exploits: 0 • References: 2
Snyk
• added 2026/04/08 7:17 p.m. • 2 views

Deserialization of Untrusted Data

Overview: praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the YAML deserialization in the loadAgentFromFile function. An attacker can execute arbitrary code...

9.8 CVSS • 6.2 AI score • 0.0058 EPSS
Exploits: 0 • References: 2
Positive Technologies
• added 2026/04/08 12:0 a.m. • 2 views

PT-2026-31457

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.115. Description: PraisonAI's AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags like !!js/function and !!js/undefined. This allows an attacker to...

9.8 CVSS • 6.6 AI score • 0.0058 EPSS
Exploits: 0 • References: 9