praisonaiagents
PyPI16 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting praisonaiagentspage 1 of 1
- CVE-2026-34937HIGHCVSS 7.8EG 7.8✓ Fixed in 1.5.902026-04-03
vulnerable: 0.0.1 ... 1.5.9 (469 versions)
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "<code>" and passing it to subprocess.run(..., shell=True).…
- CVE-2026-34938CRITICALCVSS 10.0EG 10.0✓ Fixed in 1.5.902026-04-03
vulnerable: 0.0.1 ... 1.5.9 (469 versions)
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden start…
- CVE-2026-34954HIGHCVSS 8.6EG 8.6✓ Fixed in 1.5.952026-04-03
vulnerable: 0.0.1 ... 1.5.94 (474 versions)
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follo…
- CVE-2026-39888CRITICALCVSS 9.9EG 9.9✓ Fixed in 1.5.1152026-04-08
vulnerable: 0.0.1 ... 1.5.99 (494 versions)
PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a restricted __builtins__ dict and an AST…
- CVE-2026-40111HIGHCVSS 8.8EG 8.8✓ Fixed in 1.5.1282026-04-09
vulnerable: 0.0.1 ... 1.5.99 (507 versions)
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run() with shell=True at src/praisonai-agents/praisonaiagents/memor…
- CVE-2026-40117MEDIUMCVSS 6.2EG 6.2✓ Fixed in 1.5.1282026-04-09
vulnerable: 0.0.1 ... 1.5.99 (507 versions)
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skill_path parameter. Unlike file_tools.read_file which en…
- CVE-2026-40150HIGHCVSS 7.7EG 7.7✓ Fixed in 1.5.1282026-04-09
vulnerable: 0.0.1 ... 1.5.99 (507 versions)
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklist…
- CVE-2026-40152MEDIUMCVSS 5.3EG 5.3✓ Fixed in 1.5.1282026-04-09
vulnerable: 0.0.1 ... 1.5.99 (507 versions)
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files() tool in FileTools validates the directory parameter against workspace boundaries via _validate_path(), but passes the pattern parameter directly to Path.glob(…
- CVE-2026-40153HIGHCVSS 7.4EG 7.4✓ Fixed in 1.5.1282026-04-09
vulnerable: 0.0.1 ... 1.5.99 (507 versions)
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars() on every command argument at line 64, manually re-implementing shell-level environment variable expa…
- CVE-2026-40160MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.5.1282026-04-10
vulnerable: 0.13.23 ... 1.5.99 (166 versions)
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get() with follow_redirects=True and no host validation. An LLM agent tricked into cra…
- CVE-2026-40287HIGHCVSS 8.4EG 8.4✓ Fixed in 1.5.1402026-04-14
vulnerable: 0.0.1 ... 1.5.99 (519 versions)
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py (impor…
- CVE-2026-40288CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.5.1402026-04-14
vulnerable: 0.0.1 ... 1.5.99 (519 versions)
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow…
- CVE-2026-40289CRITICALCVSS 9.1EG 9.1✓ Fixed in 1.5.1402026-04-14
vulnerable: 0.0.1 ... 1.5.99 (519 versions)
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentic…
- CVE-2026-41496HIGHCVSS 8.1EG 8.1✓ Fixed in 1.6.82026-05-08
vulnerable: 0.0.1 ... 1.6.7 (536 versions)
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, as…
- CVE-2026-44335CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.6.322026-05-08
vulnerable: 0.0.1 ... 1.6.9 (560 versions)
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.
- CVE-2026-44339HIGHCVSS 8.6EG 8.6✓ Fixed in 1.6.372026-05-08
vulnerable: 0.0.1 ... 1.6.9 (565 versions)
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ after it fails to match the declared tool lis…
Check whether praisonaiagents is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for praisonaiagents CVEs against the assets you own.
Start Free Scan →