Warm-Flow has a SpEL Expression Injection in SpelHelper.parseExpression

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

CVE-2026-6125

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

CVE-2026-6125 Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

CVE-2026-6125

Affected software: Dromara warm-flow up to version 1.8.4. Vulnerable component: SpelHelper.parseExpression in /warm-flow/save-json of the Workflow Definition Handler. Issue: argument manipulation of listenerPath/skipCondition/permissionFlag enables code injection. Impact: remote attacker could ex...

Warm-Flow 代码注入漏洞

Warm-Flow is a workflow engine developed by Dromara. Versions of Warm-Flow 1.8.4 and earlier contained a code injection vulnerability. This vulnerability stemmed from the improper handling of parameters listenerPath, skipCondition, and permissionFlag by the SpelHelper.parseExpression function in...

PT-2026-32157

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution

Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...

Exploit for CVE-2026-39866

CVE-2026-39866 — Command Injection via unquoted workflow dispa...

PT-2026-32122

Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release update.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the AdminService/StreamWorkflowReplicationMessages endpoint. An attacker can access replication streams and exfiltrate data by connecting to the frontend gRPC server without providing...

EUVD-2026-21607

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...

EUVD-2026-21605

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

GHSA-VC46-VW85-3WVM PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...

PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...

PT-2026-32593

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.139 praisonaiagents versions prior to 1.5.140 Description The workflow engine is susceptible to arbitrary command and code execution through untrusted YAML files. When the system loads a YAML file with type: job...

CVE-2026-40088 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell...

PraisonAI 操作系统命令注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.121 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the executecommand function and the workflow shell, which expose...

GHSA-2763-CJ5R-C79M PraisonAI Vulnerable to OS Command Injection

The executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. --- Description PraisonAI's workflow system and...

PraisonAI Vulnerable to OS Command Injection

The executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. --- Description PraisonAI's workflow system and...

accessiqlue (=2025.12.21154255), agent-builder (>=0.0.2 <=0.1.7) +320 more potentially affected by CVE-2026-40087 via langchain-core (>=1.0.0a8 <=1.2.24)

langchain-core PYPI version =1.0.0a8, =0.0.2, =0.1.0, =0.1.0, =0.1.1 - ai-benchmark-analyzer =2025.12.21193050 - ai-claim-essence =2025.12.20202921 - ai-design-insights =2025.12.21145447 - ai-mysql-translator =2025.12.21101721 - ai-reliability-analyzer =2025.12.21171415 - ai-risk-extractor...