Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

CVE
CVEadded 2026/05/08 1:25 p.m.7 views

CVE-2026-44334

PraisionAI contains an unauthenticated RCE path in templates/tool_override.py that was not gated after CVE-2026-40287 was fixed. From 4.5.139 up to 4.6.32, tools.py auto-imports were guarded in tool_resolver.py and api/call.py by PRAISONAI_ALLOW_LOCAL_TOOLS, but an additional import sink in prais...

8.4CVSS5.9AI score0.00009EPSS
Exploits2References1Affected Software1
CNNVD
CNNVDadded 2026/05/08 12:0 a.m.4 views

PraisonAI 代码注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 4.5.139 to 4.6.32 had a code injection vulnerability. This vulnerability stemmed from insufficient protection for automatic tool imports in the tooloverride.py script, allowing...

8.4CVSS6.4AI score0.00009EPSS
Exploits2References1
OSV
OSVadded 2026/05/06 10:8 p.m.3 views

GHSA-XCMW-GRXF-WJHJ PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)

TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...

8.4CVSS5.9AI score0.00009EPSS
Exploits2References4
Rows per page
Query Builder