PraisonAI — Vulnerabilities & Security Advisories (46)

All 46 CVE vulnerabilities found in PraisonAI, with AI-generated Chinese analysis, references, and POCs.

This page is a vulnerability aggregation resource for PraisonAI, focusing on AI software security weaknesses and associated tags. It compiles known vulnerabilities, software flaws, and configuration errors that have been publicly disclosed or identified through security research and automated scanning. The collection covers data from January 2020 through the present, ensuring a comprehensive historical view of the product’s security landscape over time. Users can leverage this page to track vendor advisories from PraisonAI and related ecosystem partners, gaining insight into how specific issues are patched and documented. It also allows for deeper analysis of particular weakness classes, such as broken access control, injection flaws, or improper authentication mechanisms, by contextualizing them within PraisonAI’s architecture. Furthermore, individuals can look up a product’s vulnerability history to assess long-term security trends, identify recurring issues, and evaluate the effectiveness of remediation efforts. This resource is designed for security analysts, developers, and auditors who need to understand the risk profile of PraisonAI integrations and deployments. By aggregating diverse sources including CVE records, NVD entries, and vendor bulletins, the page provides a centralized reference point for threat modeling and compliance verification. The information presented here is intended to support informed decision-making regarding software updates, security configurations, and risk mitigation strategies without recommending specific third-party tools or services.

Vendor: MervinPraison

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-44340 | PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir` | CWE-22 | 7.1 (AI) | High (AI) | 2026-05-08 |
| CVE-2026-44339 | PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute | CWE-470 | 8.6 | High | 2026-05-08 |
| CVE-2026-44338 | PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution | CWE-306 | 7.3 | High | 2026-05-08 |
| CVE-2026-44337 | PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries | CWE-20 | 6.3 | Medium | 2026-05-08 |
| CVE-2026-44336 | PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection | CWE-20 | 5.4 (AI) | Medium (AI) | 2026-05-08 |
| CVE-2026-44335 | SSRF bypass in PraisonAI | CWE-918 | 9.1 (AI) | Critical (AI) | 2026-05-08 |
| CVE-2026-44334 | PraisonAI: Unauthenticated RCE via `tool_override.py` | CWE-94 | 8.4 | High | 2026-05-08 |
| CVE-2026-41497 | Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI | CWE-78 | 9.8 | Critical | 2026-05-08 |
| CVE-2026-41496 | PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) | CWE-89 | 8.1 | High | 2026-05-08 |
| CVE-2026-40313 | PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence | CWE-829 | 9.1 | Critical | 2026-04-14 |
| CVE-2026-40289 | PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions | CWE-306 | 9.1 | Critical | 2026-04-14 |
| CVE-2026-40288 | PraisonAI: Critical RCE via `type: job` workflow YAML | CWE-78 | 9.8 | Critical | 2026-04-14 |
| CVE-2026-40287 | PraisonAI has RCE via Automatic tools.py Import | CWE-94 | 8.4 | High | 2026-04-14 |
| CVE-2026-40315 | PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries | CWE-89 | 8.1 | - | 2026-04-14 |
| CVE-2026-40159 | PraisonAI Exposes Sensitive Environment Variable via Untrusted MCP Subprocess Execution | CWE-200 | 5.5 | Medium | 2026-04-10 |
| CVE-2026-40158 | PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai | CWE-94 | 8.6 | High | 2026-04-10 |
| CVE-2026-40157 | PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack` | CWE-22 | 8.1 | - | 2026-04-10 |
| CVE-2026-40156 | PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading | CWE-94 | 7.8 | High | 2026-04-10 |
| CVE-2026-40154 | PraisonAI Affected by Untrusted Remote Template Code Execution | CWE-829 | 9.3 | Critical | 2026-04-09 |
| CVE-2026-40151 | PraisonAI Affected by Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS | CWE-200 | 5.3 | Medium | 2026-04-09 |
| CVE-2026-40149 | PraisonAI has an Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls | CWE-396 | 7.9 | High | 2026-04-09 |
| CVE-2026-40148 | PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits | CWE-409 | 6.5 | Medium | 2026-04-09 |
| CVE-2026-40116 | PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits | CWE-770 | 7.5 | High | 2026-04-09 |
| CVE-2026-40115 | PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS | CWE-770 | 6.2 | Medium | 2026-04-09 |
| CVE-2026-40114 | PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API | CWE-918 | 7.2 | High | 2026-04-09 |
| CVE-2026-40113 | PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars | CWE-88 | 8.4 | High | 2026-04-09 |
| CVE-2026-40112 | PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency) | CWE-79 | 5.4 | Medium | 2026-04-09 |
| CVE-2026-40088 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai | CWE-78 | 9.7 | Critical | 2026-04-09 |
| CVE-2026-39891 | PraisonAI has a Template Injection in Agent Tool Definitions | CWE-94 | 8.8 | High | 2026-04-08 |
| CVE-2026-39890 | PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading | CWE-502 | 9.8 | Critical | 2026-04-08 |

All 46 known CVE vulnerabilities affecting PraisonAI with full Chinese analysis, references, and POCs where available.