VYPR

Praisonai

by Praison

pypi: praisonai

CVEs (71)

  • CVE-2026-40114 · High · Apr 9, 2026
    risk 0.40 · cvss 7.2 · epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in the request body with no URL validation. When a submitted job completes (success or failure), the server makes an HTTP POST request to this URL using…

  • CVE-2026-39306 · High · Apr 7, 2026
    risk 0.40 · cvss 7.3 · epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall() and does not validate archive member paths before extraction. A malicious publisher can upload a recipe…

  • CVE-2026-39308 · High · Apr 7, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP…

  • CVE-2026-47412 · High · Jun 1, 2026
    risk 0.38 · cvss · epss 0.00

    Summary. **Type:** Authorization bypass enabling destructive action. The `DELETE /workspaces/{workspace_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member of the workspace can issue a single DELETE to wipe the…

  • CVE-2026-47415 · High · Jun 1, 2026
    risk 0.38 · cvss · epss 0.00

    Summary. **Type:** Insecure Direct Object Reference. The issue CRUD endpoints (`GET / PATCH / DELETE /workspaces/{workspace_id}/issues/{issue_id}`) gate access on `require_workspace_member(workspace_id)` only, then resolve `issue_id` through `IssueService.get(issue_id)` which…

  • CVE-2026-47417 · High · Jun 1, 2026
    risk 0.38 · cvss · epss 0.00

    Summary. **Type:** Insecure Direct Object Reference. The comment endpoints (`POST /workspaces/{workspace_id}/issues/{issue_id}/comments` and `GET .../comments`) gate access on `require_workspace_member(workspace_id)` only, then call `CommentService.create(issue_id=issue_id,…

  • CVE-2026-47418 · High · Jun 1, 2026
    risk 0.38 · cvss · epss 0.00

    Summary. **Type:** Insecure Direct Object Reference. The project CRUD endpoints (`GET / PATCH / DELETE /workspaces/{workspace_id}/projects/{project_id}` and `GET .../{project_id}/stats`) gate access on `require_workspace_member(workspace_id)` only, then resolve `project_id`…

  • CVE-2026-47409 · High · May 29, 2026
    risk 0.38 · cvss · epss 0.00

    Summary. **Type:** Authorization bypass enabling owner lockout. The `DELETE /workspaces/{workspace_id}/members/{user_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member can remove any other member, including the…

  • CVE-2026-47414 · High · May 29, 2026
    risk 0.38 · cvss · epss 0.00

    Summary. **Type:** Insecure Direct Object Reference. Five label endpoints — `PATCH /workspaces/{workspace_id}/labels/{label_id}`, `DELETE .../labels/{label_id}`, `POST .../issues/{issue_id}/labels/{label_id}`, `DELETE .../issues/{issue_id}/labels/{label_id}`, `GET…

  • CVE-2026-47406 · High · May 29, 2026
    risk 0.38 · cvss · epss 0.00

    Summary. **Type:** Insecure Direct Object Reference. The dependency endpoints (`POST/GET /workspaces/{workspace_id}/issues/{issue_id}/dependencies` and `DELETE .../dependencies/{dep_id}`) gate access on `require_workspace_member(workspace_id)` only, then dispatch to…

  • CVE-2026-47405 · High · May 29, 2026
    risk 0.38 · cvss · epss 0.00

    Summary. PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to `owner`. The issue is caused by privileged workspace-management routes using the shared dependency…

  • CVE-2026-47399 · High · May 29, 2026
    risk 0.38 · cvss · epss 0.00

    Summary. PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace by supplying the victim object's global…

  • CVE-2026-48169 · High · May 29, 2026
    risk 0.38 · cvss · epss 0.00

    Summary. The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and…

  • CVE-2026-47397 · High · May 29, 2026
    risk 0.38 · cvss · epss 0.00

    Bug Report: Arbitrary File Write in Python API. Summary. Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. `write_file` skips path validation when `workspace=None` (always `None` in production). Affected …

  • CVE-2026-47394 · High · May 29, 2026
    risk 0.38 · cvss · epss 0.00

    Summary. The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in `mcp_server/adapters/cli_tools.py`: "registers four file-handling tools by default, `praisonai.rules.create`,…

  • CVE-2026-47398 · High · May 29, 2026
    risk 0.38 · cvss · epss 0.00

    Arbitrary code execution via ungated spec.loader.exec_module in agents_generator.py (v4.6.32 chokepoint refactor bypass). Summary. The v4.6.32 chokepoint refactor (which patched CVE-2026-44334 /…

  • CVE-2026-40148 · Medium · Apr 9, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before…

  • CVE-2026-34939 · Medium · Apr 3, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re…

  • CVE-2026-44337 · Medium · May 8, 2026
    risk 0.34 · cvss 6.3 · epss 0.00

    PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted…

  • CVE-2026-40115 · Medium · Apr 9, 2026
    risk 0.33 · cvss 6.2 · epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by…