Lucene search
+L

4 matches found

OSV
OSV
added 2026/05/11 1:58 p.m.7 views

GHSA-9MQQ-JQXF-GRVW PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection

Summary PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and joi...

9.6CVSS6.3AI score0.00619EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:32 p.m.11 views

CVE-2026-44336

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...

9.4CVSS6.3AI score0.00619EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/08 1:32 p.m.4 views

CVE-2026-44336 PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...

9.4CVSS6.5AI score0.00619EPSS
Exploits1References3
OSV
OSV
added 2026/04/10 7:28 p.m.21 views

GHSA-PJ2R-F9MW-VRCQ PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess Execution

PraisonAI’s MCP Model Context Protocol integration allows spawning background servers via stdio using user-supplied command strings e.g., MCP"npx -y @smithery/cli ...". These commands are executed through Python’s subprocess module. By default, the implementation forwards the entire parent proces...

5.5CVSS6.1AI score0.00182EPSS
Exploits0References4
Rows per page
Query Builder