AI Threat Alert
PraisonAI Vulnerabilities
pip AI Agents41
Total CVEs
11
Critical
pip
Ecosystem
May 11, 2026
Last CVE
84%
Patch Rate
0d
Avg Time to Patch
Known Vulnerabilities (41 total, page 1 of 2)
Severity CVE ID Summary CVSS Published
HIGH CVE-2026-44338 PraisonAI: unauthenticated API triggers agent workflows 7.3 May 11, 2026 MEDIUM CVE-2026-44337 PraisonAI: SQL/CQL injection in knowledge-store backends 6.3 May 11, 2026 CRITICAL CVE-2026-44336 PraisonAI: MCP path traversal escalates to full RCE 9.6 May 11, 2026 HIGH CVE-2026-44339 praisonaiagents: tool bypass enables undeclared callable exec 8.6 May 11, 2026 HIGH CVE-2026-44340 PraisonAI: tar symlink bypass allows arbitrary file write 7.5 May 11, 2026 HIGH CVE-2026-44334 praisonai: RCE via unpatched tool_override exec_module 8.4 May 6, 2026 CRITICAL GHSA-9qhq-v63v-fv3j PraisonAI: RCE via MCP command injection 9.8 Apr 17, 2026 HIGH GHSA-rg3h-x3jw-7jm5 PraisonAI: SQL injection across 9 DB backends 8.1 Apr 17, 2026 MEDIUM CVE-2026-40115 PraisonAI: unbounded body read enables local DoS 6.2 Apr 10, 2026 HIGH CVE-2026-40149 PraisonAI: auth bypass disables agent safety controls 7.9 Apr 10, 2026 MEDIUM CVE-2026-40151 PraisonAI: unauthenticated agent config and system prompt disclosure 5.3 Apr 10, 2026 HIGH CVE-2026-40153 praisonaiagents: env var expansion exposes production secrets 7.4 Apr 10, 2026 HIGH CVE-2026-40158 PraisonAI: AST sandbox bypass enables host RCE 8.6 Apr 10, 2026 HIGH GHSA-qwgj-rrpj-75xm PraisonAI: hardcoded approval bypass enables RCE 8.8 Apr 10, 2026 CRITICAL CVE-2026-40154 PraisonAI: supply chain RCE via unverified template exec 9.3 Apr 10, 2026 MEDIUM CVE-2026-40148 PraisonAI: decompression bomb causes disk exhaustion 6.5 Apr 10, 2026 HIGH CVE-2026-40156 PraisonAI: auto tools.py load enables local RCE 7.8 Apr 10, 2026 CRITICAL CVE-2026-40157 PraisonAI: path traversal allows arbitrary file write via recipe unpack -- Apr 10, 2026 MEDIUM CVE-2026-40159 PraisonAI: MCP env inheritance exposes API keys 5.5 Apr 10, 2026 HIGH CVE-2026-40160 praisonaiagents: SSRF in web_crawl exposes cloud metadata -- Apr 10, 2026 MEDIUM GHSA-ffp3-3562-8cv3 PraisonAI: tool approval bypass leaks env credentials 5.5 Apr 10, 2026 HIGH CVE-2026-40114 PraisonAI: unauthenticated SSRF via unvalidated webhook_url 7.2 Apr 10, 2026 MEDIUM GHSA-x783-xp3g-mqhp PraisonAI: SQL injection via table_prefix exposes DB -- Apr 10, 2026 HIGH GHSA-g985-wjh9-qxxc PraisonAI: untrusted tools.py import enables RCE 8.4 Apr 10, 2026 CRITICAL GHSA-vc46-vw85-3wvm PraisonAI: RCE via malicious workflow YAML execution 9.8 Apr 10, 2026 Showing 1–25 of 41
Monitor PraisonAI in your stack
Get instant alerts when new vulnerabilities affect PraisonAI. CISO analysis, ATLAS technique mappings, and compliance reports included.
Start Monitoring