4 matches found
CVE-2026-44334 PraisonAI: Unauthenticated RCE via `tool_override.py`
PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...
CVE-2026-44334 PraisonAI: Unauthenticated RCE via `tool_override.py`
PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...
PraisonAI 代码注入漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 4.5.139 to 4.6.32 had a code injection vulnerability. This vulnerability stemmed from insufficient protection for automatic tool imports in the tooloverride.py script, allowing...
PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)
TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...