CVE-2026-44337

medium
Published 2026-05-11 · Modified 2026-05-11
CVSS v3
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS v2
VIR risk
6.3

Description

PraisonAI knowledge-store backends interpolate unvalidated collection names directly into SQL and CQL query strings. Because table and keyspace identifiers cannot be passed as bound parameters, a caller who controls a collection name controls part of the statement text.
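The pattern the description refers to, and the fix a practitioner would expect, shown as an added example. This is not PraisonAI's code: it uses SQLite as a stand-in for the SQL/CQL backends, a hypothetical `KnowledgeStore` class, constructed tables (`docs`, `hr_private`) and a constructed payload. `search_vulnerable` splices the collection name into the query text the way the advisory describes; `KnowledgeStore` validates the identifier against a strict pattern, checks it against the set of collections the store itself created, and quotes it before use. The same validation applies to CQL keyspace and table names, which the Cassandra driver likewise cannot bind as parameters.

```python
import re
import sqlite3


# Constructed demo data: two "collections" (tables) in one SQLite database.
# hr_private stands in for data the caller must not reach via the store API.
def build_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE docs (id INTEGER PRIMARY KEY, content TEXT);
        INSERT INTO docs (content) VALUES ('public onboarding guide'), ('public faq');
        CREATE TABLE hr_private (id INTEGER PRIMARY KEY, content TEXT);
        INSERT INTO hr_private (content) VALUES ('salary bands for engineering');
        """
    )
    return conn


# Vulnerable pattern (hypothetical, not the project's code): the collection
# name is interpolated into the statement. Only the search term is bound with
# a placeholder; the table name cannot be bound in SQL or CQL, so whatever the
# caller passes becomes part of the query.
def search_vulnerable(conn: sqlite3.Connection, collection: str, term: str) -> list:
    sql = f"SELECT id, content FROM {collection} WHERE content LIKE ?"
    return conn.execute(sql, (f"%{term}%",)).fetchall()


# Hardened pattern: strict identifier syntax, allowlist of known collections,
# and identifier quoting. 63 chars keeps the name within common identifier limits.
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


def validate_identifier(name: str) -> str:
    if not IDENT_RE.fullmatch(name):
        raise ValueError(f"invalid collection name: {name!r}")
    return name


def quote_identifier(name: str) -> str:
    # Standard SQL identifier quoting. After validation nothing is left to
    # escape; quoting still protects against reserved words (e.g. "select").
    return '"' + name.replace('"', '""') + '"'


class KnowledgeStore:
    """Hypothetical store API: collection names are validated and allowlisted."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn
        self._collections: set[str] = set()  # names this store created

    def create_collection(self, name: str) -> None:
        ident = quote_identifier(validate_identifier(name))
        self.conn.execute(
            f"CREATE TABLE IF NOT EXISTS {ident} (id INTEGER PRIMARY KEY, content TEXT)"
        )
        self._collections.add(name)

    def _table(self, name: str) -> str:
        validate_identifier(name)
        if name not in self._collections:
            raise ValueError(f"unknown collection: {name!r}")
        return quote_identifier(name)

    def add(self, name: str, text: str) -> None:
        self.conn.execute(f"INSERT INTO {self._table(name)} (content) VALUES (?)", (text,))

    def search(self, name: str, term: str) -> list:
        sql = f"SELECT id, content FROM {self._table(name)} WHERE content LIKE ?"
        return self.conn.execute(sql, (f"%{term}%",)).fetchall()


# Constructed payload: the identifier position is turned into a UNION that
# reads a table the caller was never given. The trailing "--" comments out the
# original WHERE clause, leaving exactly one placeholder so the binding count
# still matches and the driver raises no error.
PAYLOAD = "docs WHERE content LIKE ? UNION SELECT id, content FROM hr_private --"


def demo() -> dict:
    conn = build_demo_db()
    leaked = search_vulnerable(conn, PAYLOAD, "public")
    store = KnowledgeStore(conn)
    store.create_collection("docs")
    try:
        store.search(PAYLOAD, "public")
        blocked = False
    except ValueError:
        blocked = True
    return {
        "leaked_rows": [content for _, content in leaked],
        "hardened_blocked": blocked,
        "hardened_docs": [content for _, content in store.search("docs", "public")],
    }


if __name__ == "__main__":
    print(demo())
```

Note that a regex alone is not the whole fix: an attacker-chosen but syntactically valid name such as `hr_private` still passes the pattern, which is why the store also refuses any name it did not create itself.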

Predictions

Exploit likelihood
73%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Vendor, authored 2026-05-27

Vendor advisory (security-advisories@github.com): https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2

Package impact

Ecosystem     Package     Vulnerable            Fixed
python/PyPI   praisonai   >= 2.4.1, < 4.6.34    4.6.34
PIP           PraisonAI   >= 2.4.1, <= 4.6.33   4.6.34

Application impact

Vendor    Product     Versions                                  Fixed
praison   praisonai   2.4.1 (inclusive) to 4.6.34 (exclusive)   4.6.34

References

CWEs

CWE-20 Improper Input Validation
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
