464 matches found
CVE-2026-47407
creationtimestamp| type| source ---|---|--- 2026-05-19 06:35:50+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-h8q5-cp56-rr65...
CVE-2026-47405
creationtimestamp| type| source ---|---|--- 2026-05-19 06:35:48+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-h37g-4h4p-9x97...
CVE-2026-48169
creationtimestamp| type| source ---|---|--- 2026-05-19 06:35:20+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-gv23-xrm3-8c62...
CVE-2026-47398
creationtimestamp| type| source ---|---|--- 2026-05-19 06:35:03+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-78r8-wwqv-r299...
CVE-2026-47397
creationtimestamp| type| source ---|---|--- 2026-05-19 06:35:00+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-hvhp-v2gc-268q...
CVE-2026-47395
creationtimestamp| type| source ---|---|--- 2026-05-19 06:34:56+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-5cxw-77wg-jrf3...
CVE-2026-47390
creationtimestamp| type| source ---|---|--- 2026-05-19 06:34:55+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-5c6w-wwfq-7qqm...
Exploit for Insecure Default Initialization of Resource in Praison Praisonai
CVE-2026-44338 PraisonAI Authentication Bypass Lab Local Dock...
Exploit for Insecure Default Initialization of Resource in Praison Praisonai
⚠️ Security Research & Legal Disclaimer 📌 Purpose of This...
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI , an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulnerability in question is CVE-2026-44338 CVSS score: 7.3, a case of missing...
Exploit for Code Injection in Praison Praisonai
praison-exp...
CVE-2026-44336
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...
EUVD-2026-28643
PraisonAI's symlink-extraction bypass of safeextractall writes outside destdir...
PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
Summary praisonaiagents resolves unresolved tool names against module globals and main after it fails to match the declared tool list and the registry. With the default agent configuration, permallow is None, so undeclared non-dangerous tool names are not rejected by the permission gate. An...
EUVD-2026-28639
PraisonAI MCP tools/call path-traversal = RCE via Python .pth injection...
GHSA-9MQQ-JQXF-GRVW PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection
Summary PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and joi...
GHSA-3643-7V76-5CJ2 PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries
Summary PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. Details This issue affec...
Directory Traversal
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Directory Traversal
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...