VYPR

Praisonaiagents

by Praison

pypi: praisonaiagents

Source repositories

CVEs (15)

  • CVE-2026-34938CriApr 3, 2026
    risk 0.65cvss 10.0epss 0.01

    PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith() method to the _safe_getattr…

  • CVE-2026-44335CriMay 8, 2026
    risk 0.64cvss 9.8epss 0.00

    PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.

  • CVE-2026-40288CriApr 14, 2026
    risk 0.57cvss 9.8epss 0.01

    PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run <file.yaml> loads a YAML file with…

  • CVE-2026-40111HigApr 9, 2026
    risk 0.57cvss 8.8epss 0.00

    PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run() with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed…

  • CVE-2026-34954HigApr 3, 2026
    risk 0.56cvss 8.6epss 0.00

    PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who…

  • CVE-2026-40289CriApr 14, 2026
    risk 0.52cvss 9.1epss 0.00

    PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on…

  • CVE-2026-34937HigApr 3, 2026
    risk 0.51cvss 7.8epss 0.01

    PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run(..., shell=True). The escaping logic only handles \ and…

  • CVE-2026-40150HigApr 9, 2026
    risk 0.50cvss 7.7epss 0.00

    PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are…

  • CVE-2026-44339HigMay 8, 2026
    risk 0.49cvss 8.6epss 0.00

    PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ after it fails to match the declared tool list and the registry. With the default…

  • CVE-2026-40287HigApr 14, 2026
    risk 0.48cvss 8.4epss 0.00

    PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py (import_tools_from_file()), tool_resolver.py…

  • CVE-2026-40153HigApr 9, 2026
    risk 0.48cvss 7.4epss 0.00

    PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars() on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False (line…

  • CVE-2026-41496HigMay 8, 2026
    risk 0.46cvss 8.1epss 0.00

    PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso,…

  • CVE-2026-40160MedApr 10, 2026
    risk 0.42cvss 6.5epss 0.00

    PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get() with follow_redirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud…

  • CVE-2026-40117MedApr 9, 2026
    risk 0.40cvss 6.2epss 0.00

    PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skill_path parameter. Unlike file_tools.read_file which enforces workspace boundary confinement,…

  • CVE-2026-40152MedApr 9, 2026
    risk 0.34cvss 5.3epss 0.00

    PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files() tool in FileTools validates the directory parameter against workspace boundaries via _validate_path(), but passes the pattern parameter directly to Path.glob() without any validation. Since Python's…