Lucene search
K

5 matches found

OSV
OSV
added 4 days ago5 views

PYSEC-2026-477 PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...

9.8CVSS6.2AI score0.00609EPSS
Exploits1References6
OSV
OSV
added 4 days ago5 views

PYSEC-2026-488 PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...

9.8CVSS6.2AI score0.00609EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/14 3:0 a.m.8 views

EUVD-2026-22209

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

9.8CVSS6.4AI score0.00609EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/14 3:0 a.m.27 views

CVE-2026-40288 PraisonAI: Critical RCE via `type: job` workflow YAML

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

9.8CVSS0.00609EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/10 7:32 p.m.11 views

PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...

9.8CVSS6.2AI score0.00609EPSS
Exploits1References4Affected Software2
Rows per page
Query Builder