VYPR

Praisonai

by Praison

pypi: praisonai

Source repositories

CVEs (71)

  • CVE-2026-40159MedApr 10, 2026
    risk 0.29cvss 5.5epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol) integration allows spawning background servers via stdio using user-supplied command strings (e.g., MCP("npx -y @smithery/cli ...")). These commands are executed through…

  • CVE-2026-40112MedApr 9, 2026
    risk 0.28cvss 5.4epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The _sanitize_html function relies on the nh3 library, which is not listed as a required or optional dependency…

  • CVE-2026-40151MedApr 9, 2026
    risk 0.27cvss 5.3epss 0.01

    PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application…

  • CVE-2026-56078Jun 18, 2026
    risk 0.00cvss epss 0.01

    PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive…

  • CVE-2026-56077Jun 18, 2026
    risk 0.00cvss epss 0.00

    PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger…

  • CVE-2026-56076Jun 18, 2026
    risk 0.00cvss epss 0.01

    PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with…

  • CVE-2026-56075Jun 18, 2026
    risk 0.00cvss epss 0.00

    PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to…

  • CVE-2026-56074Jun 18, 2026
    risk 0.00cvss epss 0.00

    PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate…

  • CVE-2026-47408May 29, 2026
    risk 0.00cvss epss 0.00

    ## Summary **Type:** Insecure Direct Object Reference. The `GET /workspaces/{workspace_id}/issues/{issue_id}/activity` endpoint is gated by `require_workspace_member(workspace_id)` and dispatches to `ActivityService.list_for_issue(issue_id)`, which executes `SELECT * FROM…

  • CVE-2026-47395May 29, 2026
    risk 0.00cvss epss 0.00

    ### Summary PraisonAI's direct-prompt CLI automatically expands `@url:` mentions in raw prompt text before agent execution begins. If a prompt contains `@url:`, the CLI calls `MentionsParser.process(...)`. The `@url:` handler then performs a direct…

  • CVE-2026-47390May 29, 2026
    risk 0.00cvss epss 0.00

    ### Summary PraisonAI's `spider_tools` URL validation can be bypassed using alternate loopback host encodings. The affected component is: ```text praisonaiagents/tools/spider_tools.py ```` The tool contains a URL validation function intended to block local or unsafe targets…

Page 4 of 4