6 matches found
EUVD-2026-28643
PraisonAI's symlink-extraction bypass of safeextractall writes outside destdir...
CVE-2026-44340
PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...
CVE-2026-44339
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and main after it fails to match the declared tool list and the registry. With the default agent configuration,...
CVE-2026-44340 PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`
PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...
CVE-2026-44340
PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...
PT-2026-39006
Name of the Vulnerable Software and Affected Versions praisonai versions prior to 4.6.37 praisonaiagents versions prior to 1.6.37 Description PraisonAI is a multi-agent teams system. The praisonaiagents component resolves unresolved tool names against module globals and main after failing to matc...