PraisonAI Vulnerabilities

pip AI Agents
Total CVEs: 41
Critical: 11
Ecosystem: pip
Last CVE: May 11, 2026
Patch Rate: 84%
Avg Time to Patch: 0d

Known Vulnerabilities (41 total, page 2 of 2)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| CRITICAL | GHSA-8x8f-54wf-vv92 | PraisonAI: auth bypass enables browser session hijack | 9.1 | Apr 10, 2026 |
| HIGH | CVE-2026-40116 | PraisonAI: unauth WebSocket drains OpenAI API credits | 7.5 | Apr 9, 2026 |
| HIGH | CVE-2026-40113 | PraisonAI: arg injection injects env vars into Cloud Run | 8.4 | Apr 9, 2026 |
| MEDIUM | CVE-2026-40112 | PraisonAI: XSS via no-op HTML sanitizer in agent output | 5.4 | Apr 9, 2026 |
| CRITICAL | CVE-2026-40111 | PraisonAI: RCE via shell injection in memory hooks executor | -- | Apr 9, 2026 |
| CRITICAL | GHSA-2763-cj5r-c79m | PraisonAI: RCE via shell injection in agent workflows | 9.7 | Apr 8, 2026 |
| CRITICAL | CVE-2026-39890 | PraisonAI: YAML deserialization enables unauthenticated RCE | 9.8 | Apr 8, 2026 |
| HIGH | CVE-2026-39889 | PraisonAI: unauth A2U stream leaks all agent activity | 7.5 | Apr 8, 2026 |
| HIGH | CVE-2026-39891 | praisonai: SSTI enables RCE via agent instructions | 8.8 | Apr 8, 2026 |
| HIGH | CVE-2026-39307 | PraisonAI: Zip Slip enables arbitrary file write / RCE | 8.1 | Apr 6, 2026 |
| CRITICAL | CVE-2026-39305 | PraisonAI: path traversal enables arbitrary file write/RCE | 9.0 | Apr 6, 2026 |
| HIGH | CVE-2026-39306 | PraisonAI: recipe path traversal allows arbitrary file write | 7.3 | Apr 6, 2026 |
| HIGH | CVE-2026-39308 | PraisonAI: recipe registry path traversal file write | 7.1 | Apr 6, 2026 |
| CRITICAL | CVE-2026-35615 | PraisonAI: path traversal exposes full filesystem via agent tools | -- | Apr 6, 2026 |
| HIGH | CVE-2026-34936 | PraisonAI: SSRF via api_base steals cloud IAM credentials | 7.7 | Apr 1, 2026 |
| HIGH | CVE-2026-34955 | PraisonAI: sandbox escape via shell=True blocklist bypass | 8.8 | Apr 1, 2026 |

Showing 26–41 of 41
