990 matches found
CVE-2026-61447
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...
CVE-2026-61439
PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...
EUVD-2026-43182
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...
CVE-2026-61447
PraxionAI before 1.6.78 exposes a remote code execution flaw in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandboxing. This enables prompt-injection to exfiltrate environment secrets and run arbitrary code on the host. The v...
CVE-2026-61447 PraisonAI before 1.6.78 Remote Code Execution via CodeAgent
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...
EUVD-2026-43181
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem...
CVE-2026-61439
Summary: CVE-2026-61439 affects PraisonAI
EUVD-2026-43179
PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...
PT-2026-57440
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.78 Description A remote code execution issue exists in the CodeAgent. execute python function. The software executes Python code generated by a Large Language Model LLM without employing Abstract Syntax Tree AST...
Protection Mechanism Failure
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
CVE-2026-60086
PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are...
CVE-2026-60086
PraisonAI before 4.6.78 contains a prompt injection defense bypass. The defense only blocks threats classified as CRITICAL and requires three or more detector families to match. Attackers can craft single- or double-vector prompt injections rated HIGH that pass through unblocked to reach the mode...
CVE-2026-60086 PraisonAI before 4.6.78 Prompt Injection Defense Bypass
PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are...
EUVD-2026-42894
PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are...
CVE-2026-55615
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...
CVE-2026-50180
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses...
CVE-2026-55615
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...
CVE-2026-55615
Langroid CVE-2026-55615 affects the Neo4jChatAgent path, where LLM-generated Cypher queries are sent unvalidated to the Neo4j driver prior to version 0.65.5. Connected docs describe a prompt-injection risk enabling read/write/destroy of graph data and, with APOC or dbms.security, potential OS com...
CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...
Directory Traversal
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Directory Traversal via path traversal in the skill archive extraction logic in SkillPromptInjectionHandler and SkillsSandboxExecutor. An authenticated user with access to...