Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

427 matches found

NVD
NVDadded 2026/04/03 11:17 p.m.4 views

CVE-2026-34954

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any...

8.6CVSS0.00405EPSS
Exploits1References1
NVD
NVDadded 2026/04/03 11:17 p.m.1 views

CVE-2026-34939

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.searchtools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python...

7.5CVSS0.00402EPSS
Exploits1References1
NVD
NVDadded 2026/04/03 11:17 p.m.1 views

CVE-2026-34937

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...

9.8CVSS0.00545EPSS
Exploits1References1
NVD
NVDadded 2026/04/03 11:17 p.m.2 views

CVE-2026-34952

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and the...

9.1CVSS0.00444EPSS
Exploits1References1
NVD
NVDadded 2026/04/03 11:17 p.m.3 views

CVE-2026-34936

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL schem...

7.7CVSS0.00337EPSS
Exploits1References1
NVD
NVDadded 2026/04/03 11:17 p.m.6 views

CVE-2026-34935

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.openprocess with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command...

9.8CVSS0.00824EPSS
Exploits1References2
NVD
NVDadded 2026/04/03 11:17 p.m.2 views

CVE-2026-34934

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS0.00533EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/04/03 11:4 p.m.19 views

CVE-2026-34955 PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone...

8.8CVSS0.00368EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/04/03 11:4 p.m.1 views

CVE-2026-34955 PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone...

8.8CVSS5.8AI score0.00368EPSS
Exploits1References1
CVE
CVEadded 2026/04/03 11:4 p.m.9 views

CVE-2026-34955

PraisonAI's SubprocessSandbox is vulnerable prior to version 4.5.97: it uses subprocess.run() with shell=True in all modes and blocks commands only by string-pattern matching, not recognizing sh/bash as standalone executables. This enables sandbox escape in STRICT mode via sh -c '' (and related b...

10CVSS5.8AI score0.00368EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/03 10:54 p.m.4 views

CVE-2026-34954

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any...

8.6CVSS5.8AI score0.00405EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/03 10:54 p.m.1 views

CVE-2026-34954 PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any...

8.6CVSS5.8AI score0.00405EPSS
Exploits1References1
CVE
CVEadded 2026/04/03 10:54 p.m.7 views

CVE-2026-34954

PrašionAI (praisonaiagents) contains a SSRF vulnerability in FileTools.download_file(): it only validates the destination path and passes the unvalidated url directly to httpx.stream() with follow_redirects=True, allowing an attacker-controlled URL to reach any host accessible from the server, in...

8.6CVSS5.8AI score0.00405EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/04/03 10:54 p.m.13 views

CVE-2026-34953 PraisonAI: Authentication Bypass in OAuthManager.validate_token()

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validatetoken returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access t...

9.1CVSS0.00375EPSS
Exploits1References1
EUVD
EUVDadded 2026/04/03 10:54 p.m.6 views

EUVD-2026-18925

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validatetoken returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access t...

9.1CVSS6AI score0.00375EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/04/03 10:54 p.m.2 views

CVE-2026-34953

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validatetoken returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access t...

9.1CVSS6AI score0.00375EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2026/04/03 10:54 p.m.9 views

CVE-2026-34953

PraisonAI (OAuthManager.validate_token) vulnerability: before v4.5.97, validate_token() returns True for any token not present in the empty internal store, causing any Bearer token on MCP HTTP requests to be treated as authenticated and granting full access to tools and agent capabilities. This i...

9.1CVSS6AI score0.00375EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/03 10:53 p.m.0 views

CVE-2026-34952

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and the...

9.1CVSS5.9AI score0.00444EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/03 10:53 p.m.2 views

CVE-2026-34952 PraisonAI: Missing Authentication in WebSocket Gateway

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and the...

9.1CVSS5.9AI score0.00444EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/04/03 10:52 p.m.16 views

CVE-2026-34939 PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.searchtools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python...

6.5CVSS0.00402EPSS
Exploits1References1
Rows per page
Query Builder