VYPR
Unrated severity · NVD Advisory · Published Jun 18, 2026

PraisonAI - Information Disclosure via Shared MultiAgentLedger State

CVE-2026-56077

Description

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

Root cause

"Missing enforcement of agent ID uniqueness in MultiAgentLedger allows agents with duplicate IDs to share ledger instances."

Attack vector

An attacker registers an agent using an ID that duplicates an existing agent's ID. Because the MultiAgentLedger does not validate uniqueness, the new agent is assigned the same ledger instance as the original agent. The attacker can then read the original agent's system prompts and conversation history through the shared ledger, leading to information disclosure [ref_id=1]. No authentication or network-level bypass is required beyond the ability to register an agent with a chosen ID.

Affected code

The vulnerability resides in the **MultiAgentLedger** component of PraisonAI before version 1.5.115. The component fails to enforce uniqueness of agent IDs, allowing multiple agents to register with duplicate IDs and consequently share the same ledger instance. This shared ledger exposes system prompts and conversation history between agents that should remain isolated.

What the fix does

The patch enforces agent ID uniqueness within the MultiAgentLedger, ensuring that each agent ID maps to exactly one ledger instance. By rejecting registration attempts with duplicate IDs, the fix prevents agents from sharing ledger data and thereby blocks unauthorized access to system prompts and conversation history. The advisory does not include a specific diff, but the remediation guidance confirms that uniqueness validation was added.
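The defect class and its remediation described above, as an added illustration that is not PraisonAI's code or the actual patch. All class and function names are hypothetical, the prompts and messages are constructed, and comparing IDs after trimming and case-folding is an assumption of this sketch.

```python
# Toy model of a per-agent ledger registry (hypothetical names, not PraisonAI code).

class Ledger:
    """Holds one agent's system prompt and conversation history."""
    def __init__(self, system_prompt):
        self.system_prompt = system_prompt
        self.history = []

class DuplicateAgentError(ValueError):
    """Raised when an agent ID is already registered."""

class SharedLedgerRegistry:
    """Flawed pattern: a repeated ID silently returns the existing ledger."""
    def __init__(self):
        self._ledgers = {}

    def register(self, agent_id, system_prompt):
        # setdefault hands back the first registrant's ledger on a collision,
        # so the second caller holds the first agent's prompt and history.
        return self._ledgers.setdefault(agent_id, Ledger(system_prompt))

class UniqueLedgerRegistry:
    """Hardened pattern: one ID maps to exactly one ledger; duplicates are rejected."""
    def __init__(self):
        self._ledgers = {}

    def register(self, agent_id, system_prompt):
        # Assumption: IDs are compared after trimming and case-folding, so
        # "Planner " and "planner" cannot both register.
        key = str(agent_id).strip().casefold()
        if not key:
            raise ValueError("agent ID must be non-empty")
        if key in self._ledgers:
            raise DuplicateAgentError(f"agent ID already registered: {agent_id!r}")
        ledger = Ledger(system_prompt)
        self._ledgers[key] = ledger
        return ledger

def second_registrant_sees_first(registry):
    """Return True if a duplicate-ID registration exposes the first agent's data."""
    first = registry.register("planner", "constructed-system-prompt-A")
    first.history.append("constructed message for agent A")
    try:
        second = registry.register("planner", "constructed-system-prompt-B")
    except DuplicateAgentError:
        return False
    return second is first and second.system_prompt == "constructed-system-prompt-A"
```

Running `second_registrant_sees_first` against both registries works as a regression check: the result should flip from `True` to `False` once uniqueness is enforced.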

Preconditions

  • input: The attacker must be able to register an agent with a chosen ID that duplicates an existing agent's ID.
  • config: The MultiAgentLedger must be in use (the default configuration).

Generated on Jun 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
