praison

Top products

The 15 most recently published vulnerabilities affecting praison.

• CVE-2026-44340PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`7.5May 8, 2026
• CVE-2026-44339PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute8.6May 8, 2026
• CVE-2026-44338PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution7.3May 8, 2026
• CVE-2026-44337PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries6.3May 8, 2026
• CVE-2026-44336PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection9.6May 8, 2026
• CVE-2026-44335SSRF bypass in PraisonAI9.8May 8, 2026
• CVE-2026-44334PraisonAI: Unauthenticated RCE via `tool_override.py`8.4May 8, 2026
• CVE-2026-41497Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI9.8May 8, 2026
• CVE-2026-41496PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)8.1May 8, 2026
• CVE-2026-40313PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence9.1Apr 14, 2026
• CVE-2026-40289PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions9.1Apr 14, 2026
• CVE-2026-40288PraisonAI: Critical RCE via `type: job` workflow YAML9.8Apr 14, 2026
• CVE-2026-40287PraisonAI has RCE via Automatic tools.py Import8.4Apr 14, 2026
• CVE-2026-40315PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries9.8Apr 14, 2026
• CVE-2026-40160PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback6.5Apr 10, 2026