PT-2026-45060

Summary Type: Insecure Direct Object Reference. The dependency endpoints POST/GET /workspaces/workspace id/issues/issue id/dependencies and DELETE .../dependencies/dep id gate access on require workspace memberworkspace id only, then dispatch to DependencyService calls that take URL/body-supplied...

PT-2026-45056

Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. write file skips path validation when workspace=None always None in production. Affected PraisonAI output file: /tmp/flag.txt output...

PT-2026-45052

Summary CVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generate api server code that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that:...

PT-2026-45068

Summary The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any...

PT-2026-45063

Summary Type: Authorization bypass enabling owner lockout. The DELETE /workspaces/workspace id/members/user id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member can remove any other member, including the workspace owner, using a single DELETE...

PT-2026-45064

Summary Type: Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal "dev-secret-change-me" when PLATFORM JWT SECRET is unset. A safety check exists but only fires when PLATFORM ENV != "dev"; the default value of PLATFORM ENV is "dev", so the check is silentl...

PT-2026-45054

Summary PraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins. If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL...

PT-2026-45051

Summary execute code in praisonaiagents/tools/python tools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print. self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command...

PT-2026-45058

Summary PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace by supplying the victim object's global UUID. The affected pattern...

PT-2026-45006

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

PT-2026-45019

Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...

PT-2026-45049

Summary PraisonAI's spider tools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spider tools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

PT-2026-47560

Impact Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a On² algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add metho...

Linux Distros Unpatched Vulnerability : CVE-2026-48526

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC...

Linux Distros Unpatched Vulnerability : CVE-2026-48863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - libsolv - None Ubuntu Linux - Unknown description CVE-2026-48863 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-48523

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or...

Linux Distros Unpatched Vulnerability : CVE-2026-47734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access...

Linux Distros Unpatched Vulnerability : CVE-2026-46186

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe...

Linux Distros Unpatched Vulnerability : CVE-2026-48756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - incus - None lxd - None Ubuntu Linux - Unknown description CVE-2026-48756 Note that Nessus relies on the presence of the package as reported by t...

📄 MeiG Smart FORGE_SLT711 Command Injection

MeiG Smart FORGESLT711 proof of concept remote command injection exploit. Exploit Title: MeiG Smart FORGESLT711 - OS Command Injection Date: 2026-05-03 Exploit Author: Daniil Gordeev Vendor Homepage: http://www.meigsmart.com Software Link: N/A firmware distributed via carrier channels Version:...