Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 1:25 p.m.9 views

CVE-2026-44334 PraisonAI: Unauthenticated RCE via `tool_override.py`

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...

8.4CVSS5.9AI score0.00246EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/05/08 1:25 p.m.33 views

CVE-2026-44334 PraisonAI: Unauthenticated RCE via `tool_override.py`

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...

8.4CVSS0.00246EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.7 views

PraisonAI 代码注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 4.5.139 to 4.6.32 had a code injection vulnerability. This vulnerability stemmed from insufficient protection for automatic tool imports in the tooloverride.py script, allowing...

8.4CVSS6.4AI score0.00246EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2026/05/06 10:8 p.m.8 views

PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)

TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...

8.4CVSS5.9AI score0.00246EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder