Home/Product/praison praisonai
Product

praison praisonai

43 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-44340
< 4.6.37
PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish
7.5HIGH
 CVE-2026-44339
< 4.6.37
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents res
8.6HIGH
 CVE-2026-44338
>= 2.5.6 and < 4.6.34
PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server wi
7.3HIGH
 CVE-2026-44337
>= 2.4.1 and < 4.6.34
PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed kn
6.3MEDIUM
 CVE-2026-44336
< 4.6.34
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp s
9.6CRITICAL
 CVE-2026-44334
>= 4.5.139 and < 4.6.32
PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-i
8.4HIGH
 CVE-2026-41497
< 4.6.9
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a comma
9.8CRITICAL
 CVE-2026-41496
< 4.6.9
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-
8.1HIGH
 CVE-2026-40315
< 4.5.133
PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversatio
9.8CRITICAL
 CVE-2026-40313
< 4.5.140
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED
9.1CRITICAL
 CVE-2026-40289
< 4.5.139
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge
9.1CRITICAL
 CVE-2026-40288
< 4.5.139
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engin
9.8CRITICAL
 CVE-2026-40287
< 4.5.139
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic,
8.4HIGH
 CVE-2026-40159
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol) integration allows spawning
5.5MEDIUM
 CVE-2026-40158
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getat
8.6HIGH
 CVE-2026-40157
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives using raw t
8.8HIGH
 CVE-2026-40156
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current wo
7.8HIGH
 CVE-2026-40154
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable
9.3CRITICAL
 CVE-2026-40151
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that
5.3MEDIUM
 CVE-2026-40149
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated
7.9HIGH
 CVE-2026-40148
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registry validate
6.5MEDIUM
 CVE-2026-40116
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts
7.5HIGH
 CVE-2026-40115
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the entire HTTP
6.2MEDIUM
 CVE-2026-40114
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in the reque
7.2HIGH
 CVE-2026-40113
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run
8.4HIGH
 CVE-2026-40112
< 4.5.128
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as
5.4MEDIUM
 CVE-2026-40088
< 4.5.121
PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed t
9.6CRITICAL
 CVE-2026-39891
<= 4.5.114
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_creat
8.8HIGH
 CVE-2026-39890
<= 4.5.114
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to p
9.8CRITICAL
 CVE-2026-39889
<= 4.5.114
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all ag
7.5HIGH
 CVE-2026-39888
< 1.5.115
PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbo
9.9CRITICAL
 CVE-2026-39308
<= 4.5.112
PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpoint writes uploaded recipe bun
7.1HIGH
 CVE-2026-39307
<= 4.5.112
PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Zip Sl
8.1HIGH
 CVE-2026-39306
<= 4.5.112
PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .pra
7.3HIGH
 CVE-2026-39305
<= 4.5.112
PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a Path Traversal vulnerability
9.0CRITICAL
 CVE-2026-35615
< 1.5.113
PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .. seq
7.5HIGH
 CVE-2026-34955
< 4.5.97
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED)
8.8HIGH
 CVE-2026-34953
< 4.5.97
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not fou
9.1CRITICAL
 CVE-2026-34952
< 4.5.97
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /w
9.1CRITICAL
 CVE-2026-34939
< 4.5.90
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string di
6.5MEDIUM
 CVE-2026-34936
< 4.5.90
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a caller-co
7.7HIGH
 CVE-2026-34935
>= 4.5.15 and < 4.5.69
PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly t
9.8CRITICAL
 CVE-2026-34934
< 4.5.90
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries usi
9.8CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin