PraisonAI Agents Vulnerabilities

pip AI Agents

AI Threat Alert tracks 48 known vulnerabilities in PraisonAI Agents, 11 rated critical — an AI/ML ai agents in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
48
Total CVEs
11
Critical
pip
Ecosystem
Jun 18, 2026
Last CVE
69%
Patch Rate
0d
Avg Time to Patch

Known Vulnerabilities (48 total, page 1 of 2)

Severity CVE ID Summary CVSS Published
HIGH CVE-2026-56078 PraisonAI: path traversal → arbitrary file read/write/RCE 8.8 Jun 18, 2026 MEDIUM GHSA-35w5-pcw4-jx94 praisonaiagents: unauth SSE endpoint enables event injection 4.3 Jun 18, 2026 HIGH GHSA-vmf9-xx9w-86wx PraisonAI: DNS rebinding exposes MCP agent tools 8.3 Jun 18, 2026 HIGH GHSA-qvpf-j64c-jmhr PraisonAI: auth bypass via Slack app_mention handler 8.3 Jun 18, 2026 HIGH GHSA-63v4-w882-g4x2 PraisonAI: XSS bypasses human-in-the-loop tool approval 8.8 Jun 18, 2026 HIGH GHSA-v847-hxxw-3pxg PraisonAI: streaming bypass enables dangerous tool execution 7.8 Jun 18, 2026 HIGH GHSA-w6h2-fr4q-xvxv PraisonAI: file tool shell injection enables RCE 8.8 Jun 18, 2026 MEDIUM GHSA-6h9p-93hq-q7h6 praisonaiagents: SSRF bypass via SpiderTools redirect 6.5 Jun 18, 2026 MEDIUM GHSA-pv2j-rghr-v5r9 praisonaiagents: sandbox escape via format-spec read 6.5 Jun 18, 2026 CRITICAL GHSA-x227-pf99-vffg praisonaiagents: unauthenticated MCP SSE server enables RCE 9.8 Jun 18, 2026 CRITICAL GHSA-4869-x4pr-q22x PraisonAI: Unauthenticated RCE via Jobs API auth bypass 9.8 Jun 18, 2026 HIGH GHSA-vxgj-xg5c-p4h7 praisonaiagents: SSRF DNS bypass exposes internal services 8.5 Jun 18, 2026 HIGH GHSA-2rcg-mm5h-xchx praisonaiagents: @file: path traversal reads arbitrary files 7.5 Jun 18, 2026 CRITICAL GHSA-x8cv-xmq7-p8xp praisonaiagents: unauth AgentTeam API allows agent takeover 9.8 Jun 18, 2026 CRITICAL GHSA-892r-p3jq-jp24 PraisonAI AgentOS: unauth remote agent invocation (CVSS 9.8) 9.8 Jun 18, 2026 HIGH GHSA-rh39-9c67-59mh PraisonAI: member role can delete all workspace resources 8.1 Jun 18, 2026 HIGH GHSA-c969-5x3p-vq3v praisonaiagents: IMAP injection via prompt → email exfil 8.1 Jun 18, 2026 HIGH GHSA-7qw2-w5rc-37x2 PraisonAI: workflow policy bypass enables shell RCE 7.8 Jun 18, 2026 HIGH GHSA-4pcv-mg8v-vrgf praisonaiagents: SSRF + prompt injection, IAM cred exposure 8.8 Jun 18, 2026 HIGH GHSA-6jcq-6546-qrrw PraisonAI: sandbox escape via silent Landlock fallback 8.8 Jun 18, 2026 HIGH CVE-2026-47419 praisonai-platform: IDOR enables cross-workspace agent read/write/delete 8.3 Jun 5, 2026 MEDIUM CVE-2026-47390 PraisonAI: SSRF bypass via loopback alias encodings 5.5 May 29, 2026 MEDIUM CVE-2026-47395 PraisonAI: SSRF via @url mention exposes localhost services 5.5 May 29, 2026 CRITICAL CVE-2026-47392 praisonaiagents: RCE via Python sandbox bypass 9.9 May 29, 2026 CRITICAL CVE-2026-47391 PraisonAI: Unauth RCE via A2A eval injection 9.8 May 29, 2026

Showing 1–25 of 48

Frequently asked questions

What is PraisonAI Agents?

PraisonAI Agents is an AI/ML ai agents tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does PraisonAI Agents have?

PraisonAI Agents has 48 known CVEs, 11 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is PraisonAI Agents distributed in?

PraisonAI Agents is distributed via the pip ecosystem and categorized as ai agents.

Where does the PraisonAI Agents vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of PraisonAI Agents?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor PraisonAI Agents in your stack

Get instant alerts when new vulnerabilities affect PraisonAI Agents. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring