PraisonAI — Vulnerabilities & Security Advisories 46

All 46 CVE vulnerabilities found in PraisonAI, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-44340	PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir` CWE-22	-	-	2026-05-08
CVE-2026-44339	PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute CWE-470	8.6	High	2026-05-08
CVE-2026-44338	PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution CWE-306	7.3	High	2026-05-08
CVE-2026-44337	PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries CWE-20	6.3	Medium	2026-05-08
CVE-2026-44336	PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection CWE-20	-	-	2026-05-08
CVE-2026-44335	SSRF bypass in PraisonAI CWE-918	-	-	2026-05-08
CVE-2026-44334	PraisonAI: Unauthenticated RCE via `tool_override.py` CWE-94	8.4	High	2026-05-08
CVE-2026-41497	Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI CWE-78	9.8	Critical	2026-05-08
CVE-2026-41496	PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) CWE-89	8.1	High	2026-05-08
CVE-2026-40313	PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence CWE-829	9.1	Critical	2026-04-14
CVE-2026-40289	PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions CWE-306	9.1	Critical	2026-04-14
CVE-2026-40288	PraisonAI: Critical RCE via `type: job` workflow YAML CWE-78	9.8	Critical	2026-04-14
CVE-2026-40287	PraisonAI has RCE via Automatic tools.py Import CWE-94	8.4	High	2026-04-14
CVE-2026-40315	PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries CWE-89	8.1	-	2026-04-14
CVE-2026-40159	PraisonAI Exposes Sensitive Environment Variable via Untrusted MCP Subprocess Execution CWE-200	5.5	Medium	2026-04-10
CVE-2026-40158	PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai CWE-94	8.6	High	2026-04-10
CVE-2026-40157	PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack` CWE-22	8.1	-	2026-04-10
CVE-2026-40156	PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading CWE-94	7.8	High	2026-04-10
CVE-2026-40154	PraisonAI Affected by Untrusted Remote Template Code Execution CWE-829	9.3	Critical	2026-04-09
CVE-2026-40151	PraisonAI Affected by Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS CWE-200	5.3	Medium	2026-04-09
CVE-2026-40149	PraisonAI has an Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls CWE-396	7.9	High	2026-04-09
CVE-2026-40148	PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits CWE-409	6.5	Medium	2026-04-09
CVE-2026-40116	PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits CWE-770	7.5	High	2026-04-09
CVE-2026-40115	PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS CWE-770	6.2	Medium	2026-04-09
CVE-2026-40114	PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API CWE-918	7.2	High	2026-04-09
CVE-2026-40113	PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars CWE-88	8.4	High	2026-04-09
CVE-2026-40112	PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency) CWE-79	5.4	Medium	2026-04-09
CVE-2026-40088	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai CWE-78	9.7	Critical	2026-04-09
CVE-2026-39891	PraisonAI has a Template Injection in Agent Tool Definitions CWE-94	8.8	High	2026-04-08
CVE-2026-39890	PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading CWE-502	9.8	Critical	2026-04-08

All 46 known CVE vulnerabilities affecting PraisonAI with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

PraisonAI — Vulnerabilities & Security Advisories 46