2 matches found
CVE-2026-40288 PraisonAI: Critical RCE via `type: job` workflow YAML
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...
CVE-2026-40287
PraisonAI (versions 4.5.138 and earlier) is vulnerable to local arbitrary code execution via automatic, unsanitized import of a tools.py from the current working directory. The flaw arises in components such as call.py (import_tools_from_file()), tool_resolver.py (_load_local_tools()), and CLI to...