PraisonAI Agents Vulnerabilities

pip AI Agents

AI Threat Alert tracks 48 known vulnerabilities in PraisonAI Agents, 11 rated critical — an AI/ML ai agents in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
48
Total CVEs
11
Critical
pip
Ecosystem
Jun 18, 2026
Last CVE
69%
Patch Rate
0d
Avg Time to Patch

Known Vulnerabilities (48 total, page 2 of 2)

Severity CVE ID Summary CVSS Published
HIGH CVE-2026-47397 PraisonAI: arbitrary file write via hidden webpage metadata -- May 29, 2026 HIGH CVE-2026-44339 praisonaiagents: tool bypass enables undeclared callable exec 8.6 May 11, 2026 HIGH CVE-2026-44335 praisonaiagents: SSRF via URL parser confusion bypass -- May 6, 2026 HIGH GHSA-rg3h-x3jw-7jm5 PraisonAI: SQL injection across 9 DB backends 8.1 Apr 17, 2026 MEDIUM CVE-2026-40151 PraisonAI: unauthenticated agent config and system prompt disclosure 5.3 Apr 10, 2026 HIGH CVE-2026-40153 praisonaiagents: env var expansion exposes production secrets 7.4 Apr 10, 2026 MEDIUM CVE-2026-40152 praisonaiagents: glob traversal leaks filesystem metadata 5.3 Apr 10, 2026 HIGH CVE-2026-40158 PraisonAI: AST sandbox bypass enables host RCE 8.6 Apr 10, 2026 MEDIUM CVE-2026-40159 PraisonAI: MCP env inheritance exposes API keys 5.5 Apr 10, 2026 HIGH GHSA-x462-jjpc-q4q4 praisonaiagents: CORS bypass enables silent agent RCE 8.1 Apr 10, 2026 HIGH CVE-2026-40160 praisonaiagents: SSRF in web_crawl exposes cloud metadata -- Apr 10, 2026 MEDIUM GHSA-ffp3-3562-8cv3 PraisonAI: tool approval bypass leaks env credentials 5.5 Apr 10, 2026 HIGH GHSA-g985-wjh9-qxxc PraisonAI: untrusted tools.py import enables RCE 8.4 Apr 10, 2026 CRITICAL GHSA-vc46-vw85-3wvm PraisonAI: RCE via malicious workflow YAML execution 9.8 Apr 10, 2026 CRITICAL GHSA-8x8f-54wf-vv92 PraisonAI: auth bypass enables browser session hijack 9.1 Apr 10, 2026 HIGH CVE-2026-40150 PraisonAIAgents: SSRF exposes cloud metadata via web_crawl 7.7 Apr 9, 2026 MEDIUM CVE-2026-40117 PraisonAI: arbitrary file read via unguarded skill tool 6.2 Apr 9, 2026 CRITICAL CVE-2026-40111 PraisonAI: RCE via shell injection in memory hooks executor -- Apr 9, 2026 CRITICAL CVE-2026-39888 praisonaiagents: sandbox escape enables host RCE 10.0 Apr 8, 2026 MEDIUM GHSA-766v-q9x3-g744 praisonaiagents: agent context leak + path traversal 6.5 Apr 8, 2026 CRITICAL CVE-2026-34938 praisonaiagents: sandbox bypass enables full host RCE 10.0 Apr 1, 2026 HIGH CVE-2026-34937 PraisonAI: OS command injection via run_python() shell escape 7.8 Apr 1, 2026 HIGH CVE-2026-34954 praisonaiagents: SSRF leaks cloud IAM credentials 8.6 Apr 1, 2026

Showing 26–48 of 48

Frequently asked questions

What is PraisonAI Agents?

PraisonAI Agents is an AI/ML ai agents tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does PraisonAI Agents have?

PraisonAI Agents has 48 known CVEs, 11 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is PraisonAI Agents distributed in?

PraisonAI Agents is distributed via the pip ecosystem and categorized as ai agents.

Where does the PraisonAI Agents vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of PraisonAI Agents?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor PraisonAI Agents in your stack

Get instant alerts when new vulnerabilities affect PraisonAI Agents. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring