Praisonai

This hub aggregates every CVE we track for Praisonai, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Praisonai.

• CVE-2026-56078PraisonAI - Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor8.8Jun 18, 2026
• CVE-2026-56076PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint8.1Jun 18, 2026
• CVE-2026-56077PraisonAI - Information Disclosure via Shared MultiAgentLedger State6.5Jun 18, 2026
• CVE-2026-56075PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override8.8Jun 18, 2026
• CVE-2026-56074PraisonAI - Tool Approval Cache Bypass via Coarse-Grained Caching5.5Jun 18, 2026
• CVE-2026-44340PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`7.5May 8, 2026
• CVE-2026-44339PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute8.6May 8, 2026
• CVE-2026-44338PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution7.3May 8, 2026
• CVE-2026-44337PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries6.3May 8, 2026
• CVE-2026-44336PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection9.6May 8, 2026
• CVE-2026-44335SSRF bypass in PraisonAI9.8May 8, 2026
• CVE-2026-44334PraisonAI: Unauthenticated RCE via `tool_override.py`8.4May 8, 2026
• CVE-2026-41497Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI9.8May 8, 2026
• CVE-2026-41496PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)8.1May 8, 2026
• CVE-2026-40313PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence9.1Apr 14, 2026