4 matches found
CVE-2026-40287
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...
CVE-2026-40287 PraisonAI has RCE via Automatic tools.py Import
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...
CVE-2026-40287 PraisonAI has RCE via Automatic tools.py Import
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...
CVE-2026-40287
PraisonAI (versions 4.5.138 and earlier) is vulnerable to local arbitrary code execution via automatic, unsanitized import of a tools.py from the current working directory. The flaw arises in components such as call.py (import_tools_from_file()), tool_resolver.py (_load_local_tools()), and CLI to...